Path Traversal Vulnerability in Fluentd Data Collection Tool
CVE-2026-44024
9.8CRITICAL
What is CVE-2026-44024?
Fluentd, a popular open-source data collector, has a vulnerability that allows attackers to exploit dynamic file path constructions using the ${tag} placeholder. Before version 1.19.3, this insufficient validation in file configuration could be manipulated through untrusted tags containing path traversal characters. As a result, attackers could potentially write to or overwrite arbitrary files on the system, which might lead to the execution of unauthorized remote commands. Users are advised to upgrade to the latest version (1.19.3) to mitigate this risk.
Affected Version(s)
fluentd < 1.19.3
