Description
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and password-hash derivation, enabling forgery of administrative API tokens. The forged token can then be used to invoke a pipeline function that reaches an OS command sink (CWE-78) running in the SYSTEM context.
Published: 2026-05-12
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability affecting Cribl Edge has been reserved by the vendor, and no technical details are currently available. As a result, the nature of the flaw, its specific threat to confidentiality, integrity, or availability, and the type of weakness remain unknown until the official disclosure. It has been identified as an input validation weakness (CWE-20). This lack of data prevents any concrete assessment of how an attacker could exploit the issue.

Affected Systems

Cribl Edge is the only product listed as affected. The vendor, Cribl, does not provide any version identifiers at this stage. Therefore any system running an undisclosed version of Cribl Edge could potentially be impacted pending further information.

Risk and Exploitability

A CVSS score of 9.8 indicates a severe risk level, yet the EPSS score is listed as less than 1%, implying that the likelihood of exploitation is currently very low. The vulnerability is not present in the CISA KEV catalog. Because no exploit details are publicly known and the exploit path is undisclosed, the exact attack vector cannot be determined; monitoring for official advisories and applying any future patch remains the recommended stance.

Generated by OpenCVE AI on May 15, 2026 at 22:28 UTC.

Remediation

Vendor Solution

Upgrade Cribl Edge to v4.17.1 or higher. Upgrading fully resolves this vulnerability and no additional mitigation is required.


OpenCVE Recommended Actions

  • Regularly review Cribl’s release notes and security advisories for patch availability.
  • Apply the vendor’s official patch or upgrade to a patched version of Cribl Edge as soon as it is released.
  • Limit exposure of Cribl Edge services to trusted networks and consider blocking inbound traffic from untrusted sources.



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description
  Removed: Reserved. Details will be published at disclosure.
  Added: A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and password-hash derivation, enabling forgery of administrative API tokens. The forged token can then be used to invoke a pipeline function that reaches an OS command sink (CWE-78) running in the SYSTEM context.
Title Local privilege escalation to SYSTEM in Cribl Edge for Windows
Weaknesses CWE-276
CWE-78
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 15 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 15 May 2026 13:45:00 +0000

Type Values Removed Values Added
Title Cribl Edge Reserved Vulnerability Awaiting Disclosure

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cribl
Cribl cribl
Vendors & Products Cribl
Cribl cribl

Tue, 12 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title Cribl Edge Reserved Vulnerability Awaiting Disclosure

Tue, 12 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description Reserved. Details will be published at disclosure.
References

MITRE

Status: PUBLISHED

Assigner: Cribl

Published:

Updated: 2026-06-02T15:55:07.304Z

Reserved: 2026-05-12T01:05:53.672Z

Link: CVE-2026-45393

Vulnrichment

Updated: 2026-05-15T10:57:50.789Z

NVD

Status: Deferred

Published: 2026-05-12T02:16:13.310

Modified: 2026-06-02T17:16:33.903

Link: CVE-2026-45393

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:30:06Z

Weaknesses