Platform: linux
Component: logstash
Fixed in: 8.19.14
CVE-2026-33466 is an Arbitrary File Access vulnerability affecting Logstash versions 8.0.0 through 8.19.13. This flaw allows attackers to write arbitrary files to the host filesystem, potentially leading to remote code execution if automatic pipeline reloading is enabled. The vulnerability stems from improper validation of file paths within compressed archives during extraction. A fix is available in Logstash 8.19.14.
The primary impact of CVE-2026-33466 is the potential for arbitrary file write. An attacker can craft a malicious archive and, if Logstash is configured to automatically reload pipelines from a compromised source, trigger the extraction process. This allows the attacker to write files to any location accessible by the Logstash process, potentially overwriting critical system files or configuration data. In scenarios where the Logstash process runs with elevated privileges, this could lead to remote code execution, granting the attacker complete control over the affected system. The vulnerability's reliance on a controlled update endpoint or automatic pipeline reloading makes it particularly concerning in environments with automated deployments or external data ingestion.
CVE-2026-33466 was publicly disclosed on 2026-04-08. The vulnerability's exploitation requires a controlled update endpoint or automatic pipeline reloading, which may limit its immediate exploitability. There are currently no publicly available proof-of-concept exploits, but the potential for remote code execution warrants careful attention. The vulnerability is not currently listed on CISA KEV as of this writing.
Organizations heavily reliant on Logstash for centralized logging and data processing are at significant risk. Specifically, environments with automatic pipeline reloading enabled, or those lacking robust input validation on update endpoints, are particularly vulnerable. Shared hosting environments where multiple users share a Logstash instance also face increased risk.
• linux / server: journalctl -u logstash | grep -i "archive extraction"
• linux / server: ps aux | grep -i logstash | grep -i "extracting archive"
• generic web: curl -I <logstash_update_endpoint> | grep -i "Content-Type: application/zip"
EPSS: 0.39% (60th percentile)
The primary mitigation for CVE-2026-33466 is to upgrade Logstash to version 8.19.14 or later. If immediate upgrading is not possible, consider disabling automatic pipeline reloading to prevent attackers from triggering the vulnerability through a compromised update endpoint. Implement strict input validation and sanitization on any data sources used by Logstash. Consider using a Web Application Firewall (WAF) or proxy to inspect incoming archive files for suspicious patterns or path traversal attempts. Monitor Logstash logs for unusual file write activity, particularly in unexpected locations.
Upgrade Logstash to version 8.19.14 or later to mitigate the vulnerability. This update corrects the validation of file paths inside compressed archives, preventing arbitrary file writes to the filesystem. See the Elastic release notes for detailed upgrade instructions.
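The advisory attributes the flaw to improper validation of file paths inside archives. The following added example (not Logstash or Elastic code) shows the kind of containment check an extractor or a pre-extraction audit can apply to each entry name and link target. `Entry`, `resolve_inside`, `audit_entries`, the `/data/ls` destination and the sample listing are hypothetical and constructed for illustration.

```ruby
# Added example: entry-name containment check run before extraction.
Entry = Struct.new(:name, :type, :linkname) # hypothetical stand-in for an archive reader's entry

# Lexically resolve `rel` under `base`; return the path only if it stays inside `root`.
def resolve_inside(root, base, rel)
  return nil if rel.nil? || rel.empty? || rel.include?("\0")
  rel = rel.tr("\\", "/")                                         # backslash counts as a separator
  return nil if rel.start_with?("/") || rel.match?(/\A[A-Za-z]:/) # absolute or drive-letter path
  path = File.expand_path("./" + rel, base)                       # "./" stops "~user" home expansion
  # Compare against root plus separator so /data/ls-evil does not pass for /data/ls.
  path == root || path.start_with?(root + "/") ? path : nil
end

# Returns [[name, reason], ...] for entries that must not be extracted into dest.
def audit_entries(dest, entries)
  root = File.expand_path(dest)
  entries.each_with_object([]) do |e, rejected|
    target = resolve_inside(root, root, e.name)
    if target.nil?
      rejected << [e.name, "name escapes destination"]
    elsif %i[symlink hardlink].include?(e.type)
      # Symlink targets are relative to the link's directory, hard links to the archive root.
      base = e.type == :symlink ? File.dirname(target) : root
      rejected << [e.name, "link target escapes destination"] unless resolve_inside(root, base, e.linkname)
    end
  end
end

# Constructed sample listing (not taken from any real archive).
SAMPLE = [
  Entry.new("pipelines/main.conf", :file, nil),
  Entry.new("pipelines/../../outside.conf", :file, nil),
  Entry.new("/tmp/absolute.conf", :file, nil),
  Entry.new("../ls-evil/x.conf", :file, nil),
  Entry.new("~root/x.conf", :file, nil),
  Entry.new("current", :symlink, "pipelines"),
  Entry.new("logs", :symlink, "../../var"),
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_entries("/data/ls", SAMPLE).each { |name, why| puts "REJECT #{name}: #{why}" }
end
```

The check is lexical only, so it does not account for symlinks that already exist on disk under the destination; an extractor should also refuse to write through existing links.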
CVE-2026-33466 is a HIGH severity vulnerability in Logstash versions 8.0.0–8.19.13 that allows attackers to write arbitrary files via crafted archives, potentially leading to remote code execution.
If you are running Logstash versions 8.0.0 through 8.19.13, you are potentially affected. Check your version and upgrade immediately.
Upgrade to Logstash version 8.19.14 or later. As an interim measure, disable automatic pipeline reloading.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official Elastic security advisory for details: [https://www.elastic.co/security/advisories/CVE-2026-33466](https://www.elastic.co/security/advisories/CVE-2026-33466)