CVE-2026-33466 - Vulnerability Analysis
Severity: High | CVSS: 8.1 | Last Updated: April 8, 2026
Logstash - Path Traversal & Remote Code Execution
Published: April 8, 2026 | Updated: April 8, 2026 | Remote Exploitable
Overview
Logstash contains a path traversal vulnerability caused by improper validation of file paths in compressed archives. A crafted archive lets an attacker write arbitrary files and potentially execute code remotely. Exploitation requires an attacker-controlled update endpoint.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can write arbitrary files and potentially execute code remotely, leading to full system compromise.
Mitigation
Update to the latest version of Logstash with fixed archive extraction validation.
Details
- CVE ID: CVE-2026-33466
- Severity: High
- CVSS Score: 8.1
- Type: path_traversal
- Status: new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H