Authorization bypass through user-controlled key in Graylog - #VU137024

 

Authorization bypass through user-controlled key in Graylog - #VU137024

Published: July 7, 2026


Vulnerability identifier: #VU137024
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Graylog
Affected software:
Graylog

Detailed vulnerability description

The vulnerability allows a remote user to modify ownership of saved searches and dashboards to gain unauthorized control.

The vulnerability exists due to authorization bypass through user-controlled key in the API endpoint for updating saved searches and dashboards when handling update requests. A remote user can assign owner permissions to an arbitrary account to modify ownership of saved searches and dashboards to gain unauthorized control.

This can be used to delete the affected saved search or dashboard or remove the original owner's access.


Remediation

Install security update from vendor's website.

Sources