Description
A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.
Published: 2026-05-12
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CVE-2026-45391 describes a command injection vulnerability in Cribl Edge for Linux. A local unprivileged user can cause arbitrary commands to run in the context of the Cribl Edge service account, providing local privilege escalation. This flaw arises from improper input validation (CWE-20) and shell command injection (CWE-78).

Affected Systems

Cribl Edge versions 3.2.0 through 4.17.0 on Linux are affected. The vulnerability applies to all these releases, and the fix is available in v4.17.1 and later.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. The EPSS score of < 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker must have local, unprivileged access to the host running Cribl Edge. By exploiting the command injection flaw, the attacker can execute arbitrary commands as the Cribl Edge service account, thereby escalating privileges on the system.

Generated by OpenCVE AI on June 2, 2026 at 18:40 UTC.

Remediation

Vendor Solution

Upgrade Cribl Edge to v4.17.1 or higher. Upgrading fully resolves this vulnerability and no additional mitigation is required. As a defense-in-depth best practice (independent of this CVE), running Cribl Edge as an unprivileged Linux user is recommended; see https://docs.cribl.io/edge/deploy-linux/ for guidance.


OpenCVE Recommended Actions

  • Upgrade Cribl Edge to v4.17.1 or higher, which fully resolves the vulnerability.
  • Consider running the Cribl Edge service as an unprivileged Linux user as a defense-in-depth measure, following the guidance in the official documentation.
  • Restrict inbound traffic to the Cribl Edge instance using firewall rules to limit exposure to trusted IP addresses.

Generated by OpenCVE AI on June 2, 2026 at 18:40 UTC.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:15:00 +0000

Description
  Removed: Reserved. Details will be published at disclosure.
  Added: A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.
Title
  Removed: High Severity Vulnerability in Cribl Edge
  Added: Local privilege escalation in Cribl Edge for Linux
Weaknesses
  Added: CWE-78
Metrics
  Removed: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Added: cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
  Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 15 May 2026 13:15:00 +0000

Title
  Added: High Severity Vulnerability in Cribl Edge

Fri, 15 May 2026 11:15:00 +0000

Weaknesses
  Added: CWE-20
Metrics
  Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 09:15:00 +0000

First Time appeared
  Added: Cribl
  Added: Cribl cribl
Vendors & Products
  Added: Cribl
  Added: Cribl cribl

Tue, 12 May 2026 02:00:00 +0000

Description
  Added: Reserved. Details will be published at disclosure.
References

MITRE

Status: PUBLISHED

Assigner: Cribl

Published:

Updated: 2026-06-02T15:51:55.156Z

Reserved: 2026-05-12T01:05:53.671Z

Link: CVE-2026-45391

Vulnrichment

Updated: 2026-05-14T12:05:31.297Z

NVD

Status: Deferred

Published: 2026-05-12T02:16:13.107

Modified: 2026-06-17T10:52:00.163

Link: CVE-2026-45391

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T18:45:06Z

Weaknesses
  • CWE-20: Improper Input Validation
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')