CVE-2026-33466

HIGH 8.1

Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

CVSS Score

8.1

EPSS Score

0.3%

EPSS Percentile

51th

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution.

CWE	CWE-22
Vendor	elastic
Product	logstash
Published	Apr 8, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for elastic logstash

Be the first to know when new high vulnerabilities affecting elastic logstash are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Elastic / Logstash

8.0.0 ≤ 8.19.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.elastic.co: https://discuss.elastic.co/t/logstash-8-19-14-9-2-8-9-3-3-security-update-esa-2026-29/385816