CVE-2026-45393

HIGH 7.8

Local privilege escalation to SYSTEM in Cribl Edge for Windows

CVSS Score

7.8

EPSS Score

0.1%

EPSS Percentile

23th

A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and password-hash derivation, enabling forgery of administrative API tokens. The forged token can then be used to invoke a pipeline function that reaches an OS command sink (CWE-78) running in the SYSTEM context.

CWE	CWE-276 CWE-78
Vendor	cribl
Product	cribl edge
Published	May 12, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for cribl cribl edge

Be the first to know when new high vulnerabilities affecting cribl cribl edge are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Cribl / Cribl Edge

0 < 4.17.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cribl.io: https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes trust.cribl.io: https://trust.cribl.io/notifications

Credits

Abdulaziz M. Almetairy, Saudi Aramco