Authorization bypass through user-controlled key in Graylog - CVE-2026-55867

Published: June 25, 2026


Vulnerability identifier: #VU135297
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-55867
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Graylog
Affected software:
Graylog

Detailed vulnerability description

The vulnerability allows a remote user to delete other users' access tokens.

The vulnerability exists due to improper access control in the token revocation endpoint: the endpoint acts on the token identifier supplied in the request without confirming that the token belongs to the requesting user. A remote user can therefore submit a valid token identifier belonging to another user and delete that user's access token.

The issue does not expose token contents, but service account tokens and administrator tokens can also be deleted.
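The access-control flaw described above, as an added Python model written for this page (constructed, not Graylog's code; the names `TokenStore`, `revoke_vulnerable` and `revoke_fixed` are hypothetical): the vulnerable handler deletes whatever token id the caller supplies, while the fixed one requires the requester to own the token (or be an admin), returns the same result for "missing" and "not yours", and records denials so repeated probing can be detected.

```python
"""Model of CWE-639 in a token-revocation endpoint (constructed, not Graylog code)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Token:
    token_id: str
    owner: str  # user (or service account) that created the token

@dataclass
class TokenStore:
    tokens: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # decisions worth alerting on

    def add(self, token: Token) -> None:
        self.tokens[token.token_id] = token

def revoke_vulnerable(store, requester, token_id, *, is_admin=False):
    """Vulnerable: the caller-supplied id is the only key consulted, so any
    authenticated user who knows another user's token id can delete it."""
    if token_id in store.tokens:
        del store.tokens[token_id]
        return True
    return False

def revoke_fixed(store, requester, token_id, *, is_admin=False):
    """Hardened: a token is deletable only by its owner or an admin, and a
    foreign id gets the same 'False' as a missing one (no ownership oracle).
    Every denial is recorded so repeated probing of ids is detectable."""
    token = store.tokens.get(token_id)
    if token is None or (token.owner != requester and not is_admin):
        store.audit.append(("revoke_denied", requester, token_id))
        return False
    del store.tokens[token_id]
    store.audit.append(("revoke_ok", requester, token_id, token.owner))
    return True

def demo() -> dict:
    """Constructed scenario: 'mallory' targets a service-account token."""
    results = {}
    for impl in (revoke_vulnerable, revoke_fixed):
        store = TokenStore()
        store.add(Token("tok-1", "svc-backup"))
        store.add(Token("tok-2", "mallory"))
        results[impl.__name__] = (impl(store, "mallory", "tok-1"),
                                  impl(store, "mallory", "tok-2"),
                                  "tok-1" in store.tokens)
    return results
```

The third element of each `demo()` tuple shows whether the service-account token survived: it is gone under the vulnerable handler and intact under the fixed one.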


How to mitigate CVE-2026-55867

Install the security update from the vendor's website.

Sources