CVE-2026-44024

Source
https://cve.org/CVERecord?id=CVE-2026-44024
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44024.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44024
Aliases
Downstream
Related
Published
2026-07-08T21:20:29.598Z
Modified
2026-07-16T03:48:32.029050231Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Fluentd: Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
Details

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the ${tag} placeholder, and insufficient validation of ${tag} in file configurations such as the path parameter of the out_file plugin allows attackers sending untrusted tags containing path traversal characters to write or overwrite arbitrary files and potentially achieve remote code execution. This issue is fixed in version 1.19.3.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44024.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/fluent/fluentd

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluentd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.19.3"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.14
v0.10.15
v0.10.16
v0.10.17
v0.10.18
v0.10.19
v0.10.2
v0.10.20
v0.10.21
v0.10.22
v0.10.23
v0.10.24
v0.10.25
v0.10.26
v0.10.27
v0.10.28
v0.10.3
v0.10.30
v0.10.31
v0.10.32
v0.10.34
v0.10.35
v0.10.36
v0.10.37
v0.10.38
v0.10.39
v0.10.40
v0.10.41
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.10.47
v0.10.48
v0.10.49
v0.10.5
v0.10.50
v0.10.51
v0.10.52
v0.10.53
v0.10.6
v0.10.8
v0.10.9
v0.12.0.pre.1
v0.12.0.pre.2
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.9
v0.14.0
v0.14.0.pre.1
v0.14.0.rc.1
v0.14.0.rc.2
v0.14.0.rc.3
v0.14.1
v0.14.10
v0.14.11
v0.14.12
v0.14.13
v0.14.14
v0.14.14.pre.1
v0.14.15
v0.14.16
v0.14.17
v0.14.18
v0.14.19
v0.14.2
v0.14.20
v0.14.20.rc1
v0.14.21
v0.14.22
v0.14.22.rc1
v0.14.22.rc2
v0.14.23
v0.14.23.rc1
v0.14.24
v0.14.25
v0.14.4
v0.14.5
v0.14.7
v0.14.8
v0.14.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.17
v0.9.18
v0.9.19
v0.9.2
v0.9.20
v0.9.21
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.0.0.rc1
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.12.0
v1.12.0.rc1
v1.12.0.rc2
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.14.0
v1.14.0.rc
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.17.1
v1.18.0
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.0.pre1
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.4.rc1
v1.2.5
v1.2.5.rc1
v1.2.6
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.0.rc1
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.0.rc1
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.0.rc1
v1.8.0.rc2
v1.8.0.rc3
v1.8.1
v1.9.0
v1.9.0.rc1
v1.9.0.rc2
v1.9.1
v1.9.2
v1.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44024.json"