Detections
Analytics

Logstash 8.x < 8.19.14 / 9.x < 9.2.8 / 9.3.x < 9.3.3 Path Traversal (ESA-2026-29)

critical Nessus Plugin ID 305951

Synopsis

The remote host is affected by a path traversal vulnerability.

Description

The version of Logstash installed on the remote host is 8.x prior to 8.19.14, 9.x prior to 9.2.8, or 9.3.x prior to 9.3.3. It is, therefore, affected by a path traversal vulnerability:

 - The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives.
 An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution. (CVE-2026-33466)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Logstash version 8.19.14, 9.2.8, 9.3.3, or later.

See Also

http://www.nessus.org/u?459f77d0

Plugin Details

Severity: Critical

ID: 305951

File Name: logstash_esa_2026_29.nasl

Version: 1.1

Type: Combined

Agent: unix

Family: Misc.

Published: 4/10/2026

Updated: 4/10/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-33466

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:elasticsearch:logstash

Required KB Items: installed_sw/Logstash

Patch Publication Date: 4/8/2026

Vulnerability Publication Date: 4/8/2026

Reference Information

CVE: CVE-2026-33466

IAVB: 2026-B-0091