Browse all 7 CVE security advisories affecting Graylog. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Graylog serves as a centralized log management and security information event management (SIEM) platform, enabling organizations to aggregate, analyze, and correlate log data for threat detection and compliance. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely documented, the platform's 7 recorded CVEs highlight potential risks in default configurations and authentication mechanisms. Security teams should implement strict access controls, regular patching, and network segmentation to mitigate exposure, particularly for internet-facing deployments where exploitation risks increase.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1441 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-79 | 6.1 | - | 2026-02-18 |
| CVE-2026-1440 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-79 | 6.1 | - | 2026-02-18 |
| CVE-2026-1439 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-79 | 6.1 | - | 2026-02-18 |
| CVE-2026-1438 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-79 | 6.1 | - | 2026-02-18 |
| CVE-2026-1437 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-79 | 6.1 | - | 2026-02-18 |
| CVE-2026-1436 | Improper Access Control (IDOR) vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-639 | 6.5 | - | 2026-02-18 |
| CVE-2026-1435 | Incorrect management of session invalidation vulnerability in Graylog Web Interface — Graylog Web InterfaceCWE-613 | 9.1 | - | 2026-02-18 |
This page lists every published CVE security advisory associated with Graylog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.