Denial of Service Vulnerability in Fluentd Data Collection Product
CVE-2026-44160

7.5HIGH

Key Information:

Vendor

Fluent

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-44160?

Fluentd is a popular data collector that integrates with various data sources. Prior to version 1.19.3, its in_http and in_forward plugins inadequately manage gzip-compressed data. Although the system enforces limits on the size of compressed payloads, it fails to regulate the decompression process. This loophole allows attackers to send specially crafted compressed data, leading to excessive memory consumption and potentially causing denial of service via memory exhaustion. Users are advised to upgrade to version 1.19.3 or later to mitigate this risk.

Affected Version(s)

fluentd < 1.19.3

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.