Improper Neutralization of Special Elements in Graylog Forwarder and Graylog - CVE-2026-55841

 


Published: June 25, 2026


Vulnerability identifier: #VU135296
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-55841
CWE-ID: CWE-138
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Graylog
Affected software:
Graylog Forwarder
Graylog

Detailed vulnerability description

The vulnerability allows a remote attacker to modify or delete log message fields and cause log messages to be discarded.

The vulnerability exists due to improper neutralization of special elements in the syslog message parser when parsing key-value formatted syslog messages. A remote attacker can send a specially crafted syslog message to modify or delete log message fields and cause log messages to be discarded.

This can enable log evasion techniques that obscure malicious activity.


How to mitigate CVE-2026-55841

Install the security update from the vendor's website.
