CVE-2026-45392

HIGH

Cribl Stream < 4.17.1 - Improper Input Validation

Title source: rule

Description

DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page.

References (2)

Release Notes: Cribl Stream 4.17.1 Security Fixes
https://docs.cribl.io/stream/release-notes/release-v4171#security-fixes
Vendor Advisory: Cribl Trust Portal
https://trust.cribl.io/notifications

Scores

CVSS v3: 8.7
EPSS: 0.0028
EPSS Percentile: 19.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-20, CWE-79
Status: published
Products (1): Cribl/Cribl Stream < 4.17.1
Published: May 12, 2026
Tracked Since: May 12, 2026