Logstash Relative Path Traversal Vulnerability Leading to Arbitrary File Write and Remote Code Execution

Vulnerability

A vulnerability in Logstash exists due to improper validation of file paths in the archive extraction utilities. This flaw allows for relative path traversal, leading to arbitrary file writes on the host filesystem with the privileges of the Logstash process. If a specially crafted archive is served to Logstash through a compromised update endpoint, the vulnerability can be exploited. In configurations with automatic pipeline reloading enabled, this could escalate to remote code execution.
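The class of flaw described above comes down to how an extractor decides whether an archive entry's name stays inside the extraction directory. The following Ruby sketch is an added example, not Logstash's code or its patch: the helper names, the root directory and the entry names are all constructed for illustration. It shows a string-prefix check that wrongly accepts a sibling directory, next to a component-wise containment check.

```ruby
require 'pathname'

class UnsafeEntryError < StandardError; end

# Flawed check, kept for comparison: a string-prefix test accepts a sibling
# directory whose name merely starts with the root's name.
def naive_contained?(root, entry_name)
  File.expand_path(File.join(root, entry_name)).start_with?(File.expand_path(root))
end

# Hardened check (hypothetical helper): returns the destination path for an
# archive entry, or raises UnsafeEntryError if it would land outside root.
def safe_destination(root, entry_name)
  root_path = Pathname.new(File.expand_path(root))
  # Normalize Windows-style separators so "..\" is treated as traversal too.
  name = entry_name.tr('\\', '/')
  raise UnsafeEntryError, "absolute path: #{entry_name}" if name.start_with?('/')
  # join + cleanpath collapse "." and ".." lexically, without touching disk.
  dest = root_path.join(name).cleanpath
  # Compare path components, not string prefixes.
  rel = dest.relative_path_from(root_path)
  if rel.to_s == '.' || rel.each_filename.first == '..'
    raise UnsafeEntryError, "escapes extraction root: #{entry_name}"
  end
  dest.to_s
end

# Returns the entry names that must not be extracted.
def rejected_entries(root, entry_names)
  entry_names.select do |n|
    begin
      safe_destination(root, n)
      false
    rescue UnsafeEntryError
      true
    end
  end
end

# Constructed sample data: an extraction root and entry names as they might
# appear in an archive listing.
ROOT = '/srv/extract/plugins'
ENTRIES = ['geoip/db.mmdb', 'a/../b.txt', '../../outside/file.conf',
           '../plugins-old/x.rb', '/abs/file', 'a\\..\\..\\..\\x'].freeze

puts rejected_entries(ROOT, ENTRIES)
```

The check is purely lexical, so symlink entries inside an archive need separate handling before anything is written.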

Impact

Exploitation of this vulnerability could result in arbitrary file writes and potentially allow for remote code execution, especially in configurations with automatic pipeline reloading enabled.

Remediation

Users can update to Logstash versions 8.19.14, 9.2.8, or 9.3.3 to address this vulnerability.

Added: Apr 8, 2026, 9:35 PM
Updated: Apr 8, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 7.5
exploitability: 6.4
remediation: 7.7
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.