SB2026040925 - Path traversal in Elastic Logstash

Security Bulletin ID SB2026040925

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2026-33466)

The vulnerability allows a remote attacker to write arbitrary files and potentially execute arbitrary code.

The vulnerability exists due to path traversal in archive extraction utilities when processing a specially crafted archive from an external update endpoint. A remote attacker can serve a specially crafted archive to write arbitrary files and potentially execute arbitrary code.

Only deployments with the GeoIP database downloader enabled and configured to use an external update endpoint are affected. In certain configurations, exploitation can be escalated when automatic pipeline configuration reloading is enabled and the pipeline configuration directory is writable by the Logstash process.

Remediation

Install update from vendor's website.

References

https://discuss.elastic.co/t/logstash-8-19-14-9-2-8-9-3-3-security-update-esa-2026-29/385816