Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd out_http output plugin allows placeholders such as ${tag} in the endpoint configuration parameter, and if a placeholder value is derived from untrusted input an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services. This issue is fixed in version 1.19.3.
History

Fri, 10 Jul 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Fluentd
Fluentd fluentd
Vendors & Products Fluentd
Fluentd fluentd

Thu, 09 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd out_http output plugin allows placeholders such as ${tag} in the endpoint configuration parameter, and if a placeholder value is derived from untrusted input an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services. This issue is fixed in version 1.19.3.
Title Fluentd: Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-07-08T21:25:43.892Z

Updated: 2026-07-09T14:40:31.700Z

Reserved: 2026-05-05T14:39:34.922Z

Link: CVE-2026-44161

cve-icon Vulnrichment

Updated: 2026-07-09T14:37:58.503Z

cve-icon NVD

No data.

cve-icon Redhat

No data.