CVE-2026-33566

MEDIUM

LogonTracer <2.0.0 - Cypher Injection

Title source: llm

Description

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.

References (2)

Core 2

Core References

https://www.jpcert.or.jp/press/2026/PR20260423.html

https://jvn.jp/en/jp/JVN57877356/

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 7.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-943

Status published

Products (2)

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)/LogonTracer prior to v2.0.0

jpcert/logontracer < 2.0.0

Published Apr 27, 2026

Tracked Since Apr 27, 2026