Denial of Service Vulnerability in Fluentd Data Collection Product
CVE-2026-44160
7.5HIGH
What is CVE-2026-44160?
Fluentd is a popular data collector that integrates with various data sources. Prior to version 1.19.3, its in_http and in_forward plugins inadequately manage gzip-compressed data. Although the system enforces limits on the size of compressed payloads, it fails to regulate the decompression process. This loophole allows attackers to send specially crafted compressed data, leading to excessive memory consumption and potentially causing denial of service via memory exhaustion. Users are advised to upgrade to version 1.19.3 or later to mitigate this risk.
Affected Version(s)
fluentd < 1.19.3
