Every CVE whose affected-product data names Elastic Logstash, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-7612 — CVSS 9.8 (critical): A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is…
CVE-2023-46672 — CVSS 8.4 (high): An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The…
CVE-2026-33466 — CVSS 8.1 (high): Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote…
CVE-2016-1000222 — CVSS 7.5 (high): Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
CVE-2014-4326 — CVSS 7.5 (high): Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1)…
CVE-2016-10363 — CVSS 7.5 (high): Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX…
CVE-2015-5378 — CVSS 7.5 (high): Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and…
CVE-2016-1000221 — CVSS 7.5 (high): Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive…
CVE-2019-7620 — CVSS 7.5 (high): Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who…
CVE-2018-3817 — CVSS 6.5 (medium): When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive…
CVE-2015-4152 — CVSS 6.4 (medium): Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to…
CVE-2015-5619 — CVSS 5.9 (medium): Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates…
CVE-2021-22138 — CVSS 3.7 (low): In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When…