Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Graylog2 — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting Graylog2. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Graylog2 serves as a centralized log management and security information event management (SIEM) solution for collecting, analyzing, and correlating log data across IT infrastructure. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, particularly in its web interface and API components. The platform's open architecture exposes it to risks through misconfigurations and insecure default settings. While no major public security incidents have been widely documented, the 9 recorded CVEs highlight ongoing concerns about input validation and access control, necessitating rigorous hardening and regular updates to mitigate potential attack vectors in enterprise deployments.

Top products by Graylog2: graylog2-server
CVE IDTitleCVSSSeverityPublished
CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens — graylog2-serverCWE-285 8.8AIHighAI2025-07-02
CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization — graylog2-serverCWE-79 8.0 High2025-05-07
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value — graylog2-serverCWE-285 6.5 Medium2025-04-07
CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering — graylog2-serverCWE-200 4.3AIMediumAI2024-11-18
CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request — graylog2-serverCWE-284 8.8 High2024-02-07
CVE-2024-24823 graylog2-server Session Fixation vulnerability through cookie injection — graylog2-serverCWE-384 5.7 Medium2024-02-07
CVE-2023-41045 Insecure source port usage for DNS queries in Graylog — graylog2-serverCWE-345 3.7 Low2023-08-31
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog — graylog2-serverCWE-22 3.3 Low2023-08-31
CVE-2023-41041 User session is still usable after logout in graylog2-server — graylog2-serverCWE-613 2.6 Low2023-08-30

This page lists every published CVE security advisory associated with Graylog2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.