Fluent Bit telemetry agent flaws multiple vulnerabilities path traversal flaw (CVE-2025-12972)
Vulnerability
Summary
Hide ▲
Show ▼
Fluent Bit has five newly disclosed vulnerabilities that can be chained to compromise cloud and Kubernetes infrastructure, including remote code execution, log tampering, and telemetry injection. The set includes CVE-2025-12972, a path traversal flaw, plus buffer overflow, tag spoofing, improper input validation, and missing-authentication issues. The issues were fixed in 4.1.1 and 4.0.12, and operators are being told to update quickly and harden routing and file paths. In exposed deployments, the flaws could let an attacker rewrite logs, inject false events, and expand access deeper into the environment.
Related Happenings
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/Mitigation
H score35
First: 15.06.2026 09:17
Last: 15.06.2026 09:17
Sources 1
About this happening:
Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/MitigationAbout this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
Ghost CMS CVE-2026-26980 ClickFix campaign
Campaign
H score42
First: 24.05.2026 17:12
Last: 24.05.2026 17:12
Sources 1
About this happening:
A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Ghost CMS CVE-2026-26980 ClickFix campaign
CampaignAbout this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Langflow CVE-2026-33017 exploitation wave
Exploitation Wave
H score50
First: 20.03.2026 12:20
Last: 20.03.2026 12:20
Sources 1
About this happening:
**CVE-2026-33017** in **Langflow** is being exploited in a **wider exploitation wave** that now includes **Monero miner** delivery against **exposed AI application endpoints**. Th...
Langflow CVE-2026-33017 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-33017** in **Langflow** is being exploited in a **wider exploitation wave** that now includes **Monero miner** delivery against **exposed AI application endpoints**. Th...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
H score39
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources 1
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation WaveAbout this happening: **CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
Timeline
-
24.11.2025 17:03 2 articles · 7mo ago
Five Fluent Bit vulnerabilities disclosed
Initial DisclosureResearchers disclosed five Fluent Bit vulnerabilities, including CVE-2025-12972, CVE-2025-12970, CVE-2025-12978, CVE-2025-12977, and CVE-2025-12969, that can enable authentication bypass, path traversal, remote code execution, denial of service, log tampering, and telemetry injection against cloud and Kubernetes deployments. CERT/CC said many of the flaws require network access to a Fluent Bit instance, and AWS urged operators to update to versions 4.1.1 and 4.0.12 and harden tag routing, output paths, read-only configuration mounts, and non-root execution.
Show sources
- New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions — thehackernews.com — 24.11.2025 17:03
- New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions — thehackernews.com — 24.11.2025 17:03