CVE-2026-45391

HIGH 7.8

Local privilege escalation in Cribl Edge for Linux

CVSS Score

7.8

EPSS Score

0.1%

EPSS Percentile

23th

A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.

CWE	CWE-78
Vendor	cribl
Product	cribl edge
Published	May 12, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for cribl cribl edge

Be the first to know when new high vulnerabilities affecting cribl cribl edge are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Cribl / Cribl Edge

3.2.0 < 4.17.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cribl.io: https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes trust.cribl.io: https://trust.cribl.io/notifications

Credits

Zach Rayburn, Cribl Product Security