Path Traversal Vulnerability in Fluentd Data Collection Tool
CVE-2026-44024

9.8CRITICAL

Key Information:

Vendor

Fluent

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-44024?

Fluentd, a popular open-source data collector, has a vulnerability that allows attackers to exploit dynamic file path constructions using the ${tag} placeholder. Before version 1.19.3, this insufficient validation in file configuration could be manipulated through untrusted tags containing path traversal characters. As a result, attackers could potentially write to or overwrite arbitrary files on the system, which might lead to the execution of unauthorized remote commands. Users are advised to upgrade to the latest version (1.19.3) to mitigate this risk.

Affected Version(s)

fluentd < 1.19.3

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.