Description
DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page.
Published: 2026-05-12
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a DOM-based cross-site scripting flaw in Cribl Stream versions prior to 4.17.1. An attacker who gets an authenticated user to open a crafted URL, and to interact with the page it loads, can execute arbitrary JavaScript in that user's browser within the user's session. Exploitation is remote: the attacker supplies the link and the victim's own browser executes the payload. The 7.1 score is the CVSS v4.0 base score and is rated High (the record also carries a CVSS v3.1 score of 8.7; see History). The associated weaknesses are CWE-20 (Improper Input Validation) and CWE-79 (Cross-site Scripting).

Affected Systems

This issue affects Cribl Stream installations running any release earlier than 4.17.1. The record gives no lower bound on affected versions, so every earlier release should be treated as vulnerable, and an affected installation remains exploitable against its authenticated users until it is upgraded to 4.17.1 or later.

Risk and Exploitability

The CVSS v4.0 vector recorded for the issue (AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N) describes a network-reachable flaw with high confidentiality and integrity impact on the vulnerable system, no availability impact, and active user interaction required; both the v4.0 vector and the v3.1 vector scored 8.7 rate the attacker's required privileges as Low. The EPSS score below 1% indicates a low current probability of exploitation, and the flaw is not listed in CISA KEV. The attack is delivered remotely through a crafted URL that an authenticated user must open and interact with. Because the injection is DOM-based, the payload is processed by client-side script in the victim's browser rather than by the server; if it is carried in the URL fragment (the part after '#'), it is never sent to the server at all, so server-side logs and web application firewalls cannot be relied on to see it. Successful exploitation gives the attacker arbitrary script execution in the authenticated user's session, which can be used for credential theft, session hijacking, or other actions performed with that user's privileges in the Cribl Stream UI.

Generated by OpenCVE AI on June 2, 2026 at 20:22 UTC.
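The analysis above names the bug class without showing the pattern. The following is an added, illustrative example, not Cribl Stream code and not derived from the advisory: a minimal model of a single-page application that reads a view name from the URL fragment, first with the HTML-interpreting sink that DOM-based XSS is named for, then hardened by output encoding and by an allowlist, plus a helper that shows why a fragment-borne payload never reaches the server. The hostname, the `view` parameter and the view names are invented for the example.

```javascript
// Added example: model of a DOM-based XSS sink and two hardened forms.
// Not Cribl Stream code. Host, parameter and view names are invented.
// The page is modelled as functions returning the string a real page
// would assign to element.innerHTML, so it runs under Node without a DOM.

// Constructed attacker link: the payload rides in the URL fragment.
const CRAFTED_URL =
  'https://stream.example.internal/app#view=<img src=x onerror=alert(document.cookie)>';
const BENIGN_URL = 'https://stream.example.internal/app#view=routes';

// Shared source: pull the "view" value out of the fragment. URL percent-encodes
// the fragment and URLSearchParams decodes it again, so the value the page
// sees is the raw payload exactly as the attacker wrote it.
function viewFromFragment(href) {
  const fragment = new URL(href).hash.slice(1); // drop the leading '#'
  return new URLSearchParams(fragment).get('view') ?? '';
}

// VULNERABLE: untrusted data flows unchanged into an HTML-interpreting sink
// (the browser equivalent is el.innerHTML = `<h2>${view}</h2>`).
function renderViewUnsafe(href) {
  return `<h2>${viewFromFragment(href)}</h2>`;
}

// HARDENED (1): encode before the HTML sink, or use a text sink (textContent).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderViewEscaped(href) {
  return `<h2>${escapeHtml(viewFromFragment(href))}</h2>`;
}

// HARDENED (2): a route selector only needs to choose among known views, so
// validate against an allowlist and fall back instead of rendering the input.
const KNOWN_VIEWS = new Set(['pipelines', 'routes', 'sources', 'destinations']);
function selectView(href, fallback = 'pipelines') {
  const view = viewFromFragment(href);
  return KNOWN_VIEWS.has(view) ? view : fallback;
}

// Detection caveat: the fragment is never part of the HTTP request. This is
// everything a server-side access log or WAF would see of CRAFTED_URL.
function serverVisibleRequestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search; // deliberately excludes u.hash
}

// Runs stand-alone under Node.
console.log('unsafe      :', renderViewUnsafe(CRAFTED_URL));
console.log('escaped     :', renderViewEscaped(CRAFTED_URL));
console.log('selected    :', selectView(CRAFTED_URL), '/', selectView(BENIGN_URL));
console.log('server sees :', serverVisibleRequestTarget(CRAFTED_URL));
```

The allowlist form is the stronger fix where the input is a selector rather than free text, because it removes the sink entirely instead of relying on correct encoding at every place the value is used.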

Remediation

Vendor Solution

Upgrade Cribl Stream to v4.17.1 or higher. Upgrading fully resolves this vulnerability and no additional mitigation is required. As a defense-in-depth best practice (independent of this CVE), configuring a Content Security Policy header is recommended; see https://docs.cribl.io/stream/securing-sources-dest#csp for non-SSO and https://docs.cribl.io/stream/securing-sources-dest#saml-sso-configuration for SSO deployments.


OpenCVE Recommended Actions

  • Upgrade Cribl Stream to version 4.17.1 or higher.
  • Implement a Content Security Policy header following Cribl’s guidance for SSO or non‑SSO deployments.
  • Keep monitoring Cribl release notes and notification channels for future updates.

Generated by OpenCVE AI on June 2, 2026 at 20:22 UTC.
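Both the vendor note and the recommended actions point at Cribl's CSP documentation without saying what makes a policy effective against injected script. The following added example is generic, written for this page, and is not Cribl's documented policy or code: it parses a Content-Security-Policy header value and flags script-src settings that would still let an XSS payload execute. The sample headers are constructed for the example, not captured from any deployment.

```javascript
// Added example: generic Content-Security-Policy checker. Not Cribl's
// documented policy or code; the sample headers below are constructed.

// Parse "directive src src; directive src" into a Map(name -> [sources]).
// The spec ignores a repeated directive name, so the first occurrence wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// script-src falls back to default-src; with neither, script loading is unrestricted.
function effectiveScriptSources(policy) {
  return policy.get('script-src') ?? policy.get('default-src') ?? null;
}

// Return a list of findings; an empty list means the policy would block
// injected inline script and scripts fetched from arbitrary origins.
function evaluateScriptPolicy(header) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) {
    return ['no script-src or default-src: injected scripts are not restricted at all'];
  }
  const findings = [];
  const lower = sources.map((s) => s.toLowerCase());
  // A nonce or hash source makes CSP Level 2+ browsers ignore 'unsafe-inline',
  // so listing both is a legacy-compat pattern, not a weakness.
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' without a nonce or hash: inline handlers and <script> payloads execute");
  }
  if (lower.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval': eval()/new Function() sinks remain reachable");
  }
  for (const s of lower) {
    if (s === '*' || s === 'https:' || s === 'http:' || s === 'data:') {
      findings.push(`${s} as a script source: scripts can load from arbitrary origins or data URLs`);
    }
  }
  return findings;
}

// Constructed sample headers.
const WEAK_CSP =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'none'";
const HARDENED_CSP =
  "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'";
const NO_SCRIPT_POLICY = "frame-ancestors 'none'";

console.log('weak      :', evaluateScriptPolicy(WEAK_CSP));
console.log('hardened  :', evaluateScriptPolicy(HARDENED_CSP));
console.log('no policy :', evaluateScriptPolicy(NO_SCRIPT_POLICY));
```

Inline event handlers such as `onerror=` are what a DOM XSS payload typically relies on, and a nonce- or hash-based script-src blocks them; a policy whose only inline allowance is `'unsafe-inline'` does not, which is why the checker treats that case as a finding.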

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 19:00:00 +0000

Type: Weaknesses
  Removed: CWE-200, CWE-284

Tue, 02 Jun 2026 17:15:00 +0000

Type: Description
  Removed: Reserved. Details will be published at disclosure.
  Added:   DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page.
Type: Title
  Removed: Reserved Vulnerability in Cribl Stream
  Added:   DOM-based XSS in Cribl Stream
Type: Weaknesses
  Added:   CWE-79
Type: Metrics
  Removed: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Added:   cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
           cvssV3_1 {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

Fri, 15 May 2026 11:15:00 +0000

Type: Weaknesses
  Added:   CWE-20
Type: Metrics
  Added:   cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
           ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 10:45:00 +0000

Type: First Time appeared
  Added:   Cribl; Cribl cribl Stream
Type: Vendors & Products
  Added:   Cribl; Cribl cribl Stream

Tue, 12 May 2026 04:15:00 +0000

Type: Title
  Added:   Reserved Vulnerability in Cribl Stream
Type: Weaknesses
  Added:   CWE-200, CWE-284

Tue, 12 May 2026 02:00:00 +0000

Type: Description
  Added:   Reserved. Details will be published at disclosure.

References

MITRE

Status: PUBLISHED

Assigner: Cribl

Published:

Updated: 2026-06-02T15:53:40.515Z

Reserved: 2026-05-12T01:05:53.672Z

Link: CVE-2026-45392

Vulnrichment

Updated: 2026-05-15T10:56:38.225Z

NVD

Status : Deferred

Published: 2026-05-12T02:16:13.220

Modified: 2026-06-17T10:52:00.327

Link: CVE-2026-45392

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:30:17Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')