CVE-2026-10745
CVE-2026-10745 is a high-severity vulnerability with a CVSS 4.0 base score of 7.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-117.
Key facts
- Severity: High (CVSS 4.0 base score 7.9)
- EPSS exploit prediction: 0% (18th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-38731
- Weakness: CWE-117
- Published:
- Last modified:
Description
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1.
Frequently asked questions
- What is CVE-2026-10745?
- Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1.
- How severe is CVE-2026-10745?
- CVE-2026-10745 has a CVSS 4.0 base score of 7.9, rated high severity.
- Is CVE-2026-10745 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (18th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-10745?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-10745 have an EU (EUVD) identifier?
- Yes. CVE-2026-10745 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-38731.
- When was CVE-2026-10745 published?
- CVE-2026-10745 was published on 2026-06-24 and last updated on 2026-06-25.
References
Other CWE-117 (Improper Output Neutralization for Logs) vulnerabilities
- CVE-2023-46322 — Critical (CVSS 9.8): iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial…
- CVE-2023-46321 — Critical (CVSS 9.8): iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell…
- CVE-2024-0095 — Critical (CVSS 9.0): NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and…
- CVE-2024-25047 — High (CVSS 8.6): IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application…
- CVE-2025-57564 — High (CVSS 8.2): CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems…
- CVE-2019-14846 — High (CVSS 7.8): In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were…
Browse all CWE-117 (Improper Output Neutralization for Logs) vulnerabilities →