Fluentd 1.19.3 Fixes Critical RCE and Multiple High-Severity Vulnerabilities


Fluentd users should update to version 1.19.3 after maintainers fixed a critical remote code execution risk and several high-severity vulnerabilities affecting logging, monitoring, and HTTP output components.

The most serious flaw is CVE-2026-44024, which can let attackers write files outside intended directories when Fluentd receives untrusted log data and uses the ${tag} placeholder in file paths. The GitHub advisory says the bug can escalate to full RCE in some configurations.

The vulnerabilities affect Fluentd versions up to and including 1.19.2. The Fluentd release announcement says version 1.19.3 includes the security fixes, while Fluent Package users are advised to move to fluent-package LTS v6.0.4.

What Fluentd Patched In Version 1.19.3

Fluentd is a widely used open-source data collector that sits between log sources and storage, analytics, SIEM, cloud, and database systems. That position makes it a sensitive component: it receives data from many systems, often including untrusted ones, and forwards it across internal infrastructure.

The fixed vulnerabilities cover four major areas: file path expansion, Monitor Agent API exposure, gzip decompression handling, and HTTP endpoint placeholder expansion. These issues can lead to RCE, sensitive data disclosure, denial of service, and server-side request forgery.

The Fluentd 1.19.3 release notes show fixes for strict path boundary validation, decompressed payload size limits, safer Monitor Agent defaults, and strict host validation for dynamic HTTP endpoints.

CVE | Component | Impact | Severity | Fixed version
--- | --- | --- | --- | ---
CVE-2026-44024 | ${tag} placeholder in file paths | Arbitrary file write, possible RCE | Critical, 9.8 | 1.19.3
CVE-2026-44025 | in_monitor_agent | Sensitive information disclosure | High, 7.5 | 1.19.3
CVE-2026-44160 | in_http and in_forward | Denial of service through memory exhaustion | High, 7.5 | 1.19.3
CVE-2026-44161 | out_http | Server-side request forgery | High, 7.2 | 1.19.3

CVE-2026-44024: Critical File Write Bug Can Lead To RCE

CVE-2026-44024 affects Fluentd configurations that dynamically construct file paths with the ${tag} placeholder. The CVE-2026-44024 advisory says insufficient validation can allow path traversal when Fluentd receives untrusted tags.

If a vulnerable configuration uses the placeholder in a file output path, an attacker may be able to write attacker-controlled content outside the expected directory. That can become remote code execution if the attacker overwrites configuration files, injects executable plugins, or targets files that Fluentd later loads.

The impact depends on the exact deployment. A Fluentd instance running with broad filesystem permissions and exposed to untrusted log sources faces a much higher risk than one running as a restricted user inside a trusted network.
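The fix category the release notes call "strict path boundary validation" is easier to reason about with a concrete check in front of you. The following Ruby is an added example written for this article; it is not Fluentd's code and does not reproduce the project's patch. It combines the two controls the article recommends: normalizing untrusted tags before they reach a file output path, and refusing any expanded path that resolves outside the configured base directory. The tag grammar (SAFE_TAG), the function names, and the /var/log/fluent directory are assumptions for the demonstration; the grammar is deliberately stricter than what Fluentd itself allows in a tag.

```ruby
# Added example (not Fluentd's own code): strict path boundary validation for a
# "${tag}" placeholder in a file output path. The tag grammar, function names and
# directory are assumptions for the demonstration.
class UnsafeTagError < StandardError; end

# Accept only dot-separated labels of letters, digits, "_" and "-". This is
# stricter than what Fluentd itself permits in a tag; it rules out "/", "..",
# whitespace and control characters before the tag touches a path.
SAFE_TAG = /\A[A-Za-z0-9_][A-Za-z0-9_\-]*(?:\.[A-Za-z0-9_][A-Za-z0-9_\-]*)*\z/

def safe_tag?(tag)
  tag.is_a?(String) && tag.match?(SAFE_TAG)
end

# Expand "${tag}" in +template+ and return the absolute path, or raise when the
# tag is malformed or the resolved path is not inside +base_dir+.
def expand_tag_path(base_dir, template, tag)
  raise UnsafeTagError, "rejected tag #{tag.inspect}" unless safe_tag?(tag)

  base = File.expand_path(base_dir)
  # expand_path resolves "." and ".." components, so the boundary check below
  # sees the real target, not the textual template.
  candidate = File.expand_path(template.gsub("${tag}", tag), base)
  unless candidate.start_with?(base + File::SEPARATOR)
    raise UnsafeTagError, "#{candidate} is outside #{base}"
  end
  candidate
end

# Convenience predicate for config audits: does this (base, template, tag)
# triple stay inside the base directory?
def tag_path_allowed?(base_dir, template, tag)
  expand_tag_path(base_dir, template, tag)
  true
rescue UnsafeTagError
  false
end

if $PROGRAM_NAME == __FILE__
  puts expand_tag_path("/var/log/fluent", "${tag}.log", "app.access")
  p tag_path_allowed?("/var/log/fluent", "${tag}.log", "../escape")   # tag rejected
  p tag_path_allowed?("/var/log/fluent", "../${tag}.log", "app.access") # template escapes base
end
```

The second layer matters even when tags are clean: the last call shows a misconfigured template, not a hostile tag, being caught because the resolved path leaves the base directory. Running the same predicate over every file output in a configuration is a quick way to audit placeholder use before and after the upgrade.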

CVE-2026-44025: Monitor Agent API Can Leak Sensitive Data

CVE-2026-44025 affects Fluentd’s Monitor Agent plugin, also known as in_monitor_agent. The Monitor Agent API advisory says responses from endpoints such as /api/plugins.json could expose internal plugin instance variables.

That matters because plugins may hold credentials, database passwords, cloud keys, API tokens, or other sensitive values in memory. If the Monitor Agent API is reachable from an untrusted network, attackers may collect information that helps them move deeper into the environment.

Fluentd 1.19.3 changes the default visibility of configuration, retry, and debug information. The advisory also recommends binding the Monitor Agent to localhost and blocking access to port 24220 from untrusted networks.

  • Bind in_monitor_agent to 127.0.0.1 where possible.
  • Block port 24220 from the internet and untrusted internal networks.
  • Review whether plugins store secrets in instance variables.
  • Rotate exposed credentials if the Monitor Agent API was reachable.

CVE-2026-44160: Gzip Bombs Can Crash Fluentd

CVE-2026-44160 affects the in_http and in_forward input plugins. The gzip decompression advisory says Fluentd enforced limits on incoming compressed payloads, but did not enforce limits on the decompressed data size.

An attacker can abuse this by sending a small compressed payload that expands into a much larger body in memory. When Fluentd decompresses it, the process can consume excessive memory and get killed by the operating system.

This is a denial-of-service issue, not direct code execution. Still, it can disrupt logging and forwarding on the affected node, which can create blind spots during an incident.
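The release notes describe the fix as "decompressed payload size limits". To show what that control looks like in practice, here is an added Ruby example written for this article; it is not Fluentd's code and is not the project's patch. It decompresses a gzip body in fixed-size chunks and aborts as soon as the decompressed total passes a cap, so memory use stays bounded regardless of how far the input expands. The limit values, function names, and the two constructed payloads are assumptions for the demonstration.

```ruby
require "zlib"
require "stringio"

# Added example (not Fluentd's own code): decompress a gzip request body while
# capping the *decompressed* size, so a small payload cannot balloon in memory.
# Limit values and function names are assumptions for the demonstration.
class PayloadTooLarge < StandardError; end

def gunzip_with_limit(compressed, max_bytes:, chunk_size: 16 * 1024)
  out = String.new(encoding: Encoding::BINARY)
  Zlib::GzipReader.wrap(StringIO.new(compressed)) do |gz|
    # Read in fixed-size chunks: memory use is bounded by max_bytes + chunk_size
    # no matter how far the stream expands, and the check runs before any
    # further data is inflated.
    while (chunk = gz.read(chunk_size))
      out << chunk.b
      if out.bytesize > max_bytes
        raise PayloadTooLarge, "decompressed body exceeds #{max_bytes} bytes"
      end
    end
  end
  out
end

# Predicate form, convenient for tests and for deciding whether to accept a body.
def decompressed_within_limit?(compressed, max_bytes:)
  gunzip_with_limit(compressed, max_bytes: max_bytes)
  true
rescue PayloadTooLarge
  false
end

# Constructed inputs: an ordinary body and a highly repetitive one whose
# compressed size is under a few kilobytes but expands to 500,000 bytes.
SMALL_BODY = Zlib.gzip("a" * 1_000)
BIG_BODY   = Zlib.gzip("a" * 500_000)

if $PROGRAM_NAME == __FILE__
  puts "big payload: #{BIG_BODY.bytesize} bytes compressed"
  p decompressed_within_limit?(SMALL_BODY, max_bytes: 64 * 1024)  # true
  p decompressed_within_limit?(BIG_BODY, max_bytes: 64 * 1024)    # false
end
```

The point of the chunked loop is that the cap is enforced during inflation, not after it: checking the size of a fully decompressed buffer would already have spent the memory the check is meant to protect. The same pattern applies to any input plugin that accepts compressed data.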

CVE-2026-44161: out_http Placeholder Expansion Enables SSRF

CVE-2026-44161 affects Fluentd’s out_http plugin. The SSRF advisory says the plugin allowed placeholders such as ${tag} in the endpoint setting, which could let untrusted input control the destination hostname.

In a vulnerable setup, an attacker may force Fluentd to send requests to internal systems that are not exposed externally. In cloud environments, that could include metadata endpoints, internal APIs, or services that trust traffic from inside the network.

Fluentd 1.19.3 adds strict host validation for dynamic endpoints. The advisory also tells users to avoid dynamic hostnames, restrict outbound network access, and allow only approved hosts when placeholders must be used.
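"Strict host validation for dynamic endpoints" can be made concrete with a small resolver. The Ruby below is an added example written for this article; it is not Fluentd's code and does not reproduce the out_http patch. It enforces the three rules the advisory's mitigation implies: placeholders may never appear in the scheme, host, port, or userinfo part of the endpoint; the substituted tag is restricted to characters that cannot change the URL's structure; and the final host must be on an explicit allowlist. The allowlist, the tag grammar, and all function names are assumptions for the demonstration.

```ruby
require "uri"

# Added example (not Fluentd's own code): strict host validation for an out_http
# style endpoint that contains "${tag}". The host allowlist, tag grammar and
# function names are assumptions for the demonstration.
class UnsafeEndpointError < StandardError; end

PLACEHOLDER   = /\$\{[^}]*\}/
SAFE_TAG_PART = /\A[A-Za-z0-9_][A-Za-z0-9_.\-]*\z/

# Expand "${tag}" in +template+ and return the final URL string, or raise when:
#   * the template is not an absolute http(s) URL,
#   * a placeholder appears in the scheme, host, port or userinfo part,
#   * the tag contains characters that could alter the URL structure, or
#   * the resulting host is not on the allowlist.
def resolve_endpoint(template, tag, allowed_hosts:)
  m = template.match(%r{\A(https?://[^/?#]+)([/?#].*)?\z})
  raise UnsafeEndpointError, "endpoint must be an absolute http(s) URL" unless m
  authority, rest = m[1], (m[2] || "")

  # Placeholders are only ever substituted into the path/query part, never
  # into anything that decides where the request goes.
  if authority.match?(PLACEHOLDER)
    raise UnsafeEndpointError, "placeholder in scheme/host/port: #{template}"
  end
  raise UnsafeEndpointError, "rejected tag #{tag.inspect}" unless tag.match?(SAFE_TAG_PART)

  uri = URI.parse(authority + rest.gsub("${tag}", tag))
  unless allowed_hosts.include?(uri.host)
    raise UnsafeEndpointError, "host #{uri.host.inspect} is not on the allowlist"
  end
  uri.to_s
end

# Predicate form for configuration audits and tests.
def endpoint_allowed?(template, tag, allowed_hosts:)
  resolve_endpoint(template, tag, allowed_hosts: allowed_hosts)
  true
rescue UnsafeEndpointError, URI::InvalidURIError
  false
end

if $PROGRAM_NAME == __FILE__
  allow = ["logs.internal.example"]
  puts resolve_endpoint("https://logs.internal.example/ingest/${tag}", "app.access", allowed_hosts: allow)
  p endpoint_allowed?("https://${tag}.example/ingest", "app", allowed_hosts: allow)  # false: placeholder in host
  p endpoint_allowed?("https://other.example/ingest/${tag}", "app", allowed_hosts: allow)  # false: host not allowed
end
```

Checking the allowlist against the parsed host of the fully expanded URL, rather than against the template text, is what makes the rule robust: it does not matter whether a value arrives through a placeholder or through a typo in the configuration, the request only goes to a host an operator approved.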

Risk | Likely target | Why it matters
--- | --- | ---
Arbitrary file write | Configuration files, plugin paths, writable service files | Can escalate to remote code execution in unsafe deployments
Information disclosure | Monitor Agent API | May expose credentials or internal plugin details
Memory exhaustion | HTTP and forward inputs | Can stop log collection and forwarding
SSRF | Internal APIs and cloud metadata services | Can expose internal data or cloud credentials

Which Systems Are Most Exposed

The highest-risk systems are Fluentd instances that accept logs from untrusted networks, internet-facing sources, partner systems, or loosely controlled Kubernetes workloads. The risk grows when those instances run with elevated privileges or broad filesystem write access.

Cloud and Kubernetes deployments need special attention because Fluentd often runs as part of centralized logging pipelines. If a compromised workload can send crafted tags or compressed payloads to a shared Fluentd collector, the attacker may be able to attack the logging layer rather than the original application.

The Fluentd project says most closed and trusted network deployments should have lower exposure, but maintainers still recommend applying the update or using advisory-specific mitigations when immediate patching is not possible.

What Administrators Should Do Now

The main fix is to upgrade Fluentd to 1.19.3 or later. Fluent Package users should move to fluent-package LTS v6.0.4, especially because older td-agent packages have already reached end of life and will not receive patched updates.

Admins should also review configurations that use dynamic placeholders, exposed input plugins, Monitor Agent, and HTTP output endpoints. The v1.19.3 release fixed the vulnerable behaviors, but unsafe network exposure can still create avoidable risk.

Security teams should treat log collectors as high-value infrastructure. Fluentd can see sensitive data, reach internal endpoints, and write to important directories, so it should not run with more access than it needs.

  • Upgrade Fluentd to version 1.19.3 or later.
  • Upgrade fluent-package LTS deployments to version 6.0.4.
  • Restrict in_http, in_forward, and in_monitor_agent to trusted networks.
  • Run Fluentd as a non-root user wherever possible.
  • Use shared_key authentication for trusted forward inputs.
  • Avoid dynamic hostnames in out_http endpoint settings.
  • Filter or normalize untrusted tags before they reach file output paths.
  • Block access to cloud metadata services unless Fluentd needs it.
  • Check logs for unusual tags, unexpected output paths, and crashes from memory pressure.

Older Fluentd Issues Still Matter

The latest fixes should also prompt teams to check their older vulnerability backlog. CVE-2022-39379 affected non-default Fluentd configurations where FLUENT_OJ_OPTION_MODE was set to object, allowing RCE through crafted JSON payloads.

Another older issue, CVE-2021-41186, affected the Apache log parser and could allow a regular expression denial-of-service attack. These older issues have patches, but they remain relevant for teams running outdated Fluentd builds or unsupported packages.

The newer disclosures show why version drift in logging infrastructure creates real risk. Logging agents often stay running for years with minimal attention, even though they process untrusted input and connect to sensitive internal systems.

Why This Fluentd Update Matters

The critical RCE bug is the headline issue, but the larger problem is the combination of data flow, trust boundaries, and permissions. Fluentd often receives data from many places, transforms it, writes it, and forwards it to other systems.

That makes placeholder handling and input validation especially important. A log tag or compressed body may look like ordinary operational data, but it can become an attack path when the collector uses it to build file paths, URLs, or routing decisions.

The CVE-2026-44160 fix and the CVE-2026-44161 fix show the same lesson from different angles: Fluentd deployments should not trust the shape, size, or routing value of data received from untrusted sources.

FAQ

What is the most serious Fluentd vulnerability fixed in version 1.19.3?

The most serious issue is CVE-2026-44024, a critical arbitrary file write vulnerability involving the ${tag} placeholder. In some configurations, it can escalate to remote code execution.

Which Fluentd versions are affected by the new vulnerabilities?

The advisories list Fluentd versions up to and including 1.19.2 as affected. Fluentd 1.19.3 is the patched version for the main issues covered here.

Can the Fluentd vulnerabilities be exploited remotely?

Yes, some issues can be exploited remotely if Fluentd is exposed to untrusted inputs or networks. The risk depends on configuration, plugin use, network exposure, and the privileges of the Fluentd process.

What is CVE-2026-44160 in Fluentd?

CVE-2026-44160 is a denial-of-service vulnerability in the in_http and in_forward plugins. Attackers can send highly compressed gzip data that expands in memory and can crash the Fluentd process.

How can administrators protect Fluentd deployments?

Administrators should upgrade to Fluentd 1.19.3 or later, restrict input plugins to trusted networks, run Fluentd as a non-root user, protect the Monitor Agent API, avoid unsafe dynamic placeholders, and review outbound access from Fluentd nodes.
