Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fluent Bit telemetry agent flaws multiple vulnerabilities path traversal flaw (CVE-2025-12972)

Vulnerability
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

Fluent Bit has five newly disclosed vulnerabilities that can be chained to compromise cloud and Kubernetes infrastructure, including remote code execution, log tampering, and telemetry injection. The set includes CVE-2025-12972, a path traversal flaw, plus buffer overflow, tag spoofing, improper input validation, and missing-authentication issues. The issues were fixed in 4.1.1 and 4.0.12, and operators are being told to update quickly and harden routing and file paths. In exposed deployments, the flaws could let an attacker rewrite logs, inject false events, and expand access deeper into the environment.

Related Happenings

Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257

Advisory/Mitigation
H score35 First: 15.06.2026 09:17 Last: 15.06.2026 09:17 Sources 1

About this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

Ghost CMS CVE-2026-26980 ClickFix campaign

Campaign
H score42 First: 24.05.2026 17:12 Last: 24.05.2026 17:12 Sources 1

About this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...

Langflow CVE-2026-33017 exploitation wave

Exploitation Wave
H score50 First: 20.03.2026 12:20 Last: 20.03.2026 12:20 Sources 1

About this happening: **CVE-2026-33017** in **Langflow** is being exploited in a **wider exploitation wave** that now includes **Monero miner** delivery against **exposed AI application endpoints**. Th...

MongoDB CVE-2025-14847 active exploitation worldwide

Exploitation Wave
H score39 First: 29.12.2025 09:49 Last: 29.12.2025 09:49 Sources 1

About this happening: **CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...

Timeline

  1. 24.11.2025 17:03 2 articles · 7mo ago

    Five Fluent Bit vulnerabilities disclosed

    Initial Disclosure

    Researchers disclosed five Fluent Bit vulnerabilities, including CVE-2025-12972, CVE-2025-12970, CVE-2025-12978, CVE-2025-12977, and CVE-2025-12969, that can enable authentication bypass, path traversal, remote code execution, denial of service, log tampering, and telemetry injection against cloud and Kubernetes deployments. CERT/CC said many of the flaws require network access to a Fluent Bit instance, and AWS urged operators to update to versions 4.1.1 and 4.0.12 and harden tag routing, output paths, read-only configuration mounts, and non-root execution.

    Show sources