CVE-2026-45392: DOM-based XSS in Cribl Stream (HIGH)
Security updates detail rendered from /security-updates/upd_180ad64aedbba3e9.
Overview
| Field | Value |
|---|---|
| ID | upd_180ad64aedbba3e9 |
| Collection | Security Updates |
| Provider | TrustShare (TrustCloud / Kintent) |
| Company | Cribl |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_180ad64aedbba3e9 |
| providerId | trustshare |
| organizationId | org_db5a178977544c0d |
| trustCenterId | tc_3321b21a903010d8 |
| title | CVE-2026-45392: DOM-based XSS in Cribl Stream (HIGH) |
| type | cve_publication |
| message | CVE-2026-45392 — DOM-based XSS in Cribl Stream DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page. Severity: HIGH CVSS:3.1 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) CVSS:4.0 7.1 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N) Weakness: CWE-79 (Cross-site Scripting) Affected: Cribl Stream versions before 4.17.1 Fixed in: Cribl Stream 4.17.1 Solution Upgrade Cribl Stream to v4.17.1 or higher. Upgrading fully resolves this vulnerability and no additional mitigation is required. As a defense-in-depth best practice (independent of this CVE), configuring a Content Security Policy header is recommended; see https://docs.cribl.io/stream/securing-sources-dest#csp for non-SSO and https://docs.cribl.io/stream/securing-sources-dest#saml-sso-configuration for SSO deployments. References - https://www.cve.org/CVERecord?id=CVE-2026-45392 - https://docs.cribl.io/stream/release-notes/release-v4171#security-fixes Credit: Frank Lycops and Filip Waeytens, NATO NCSC (external discovery) |
| publishedAt | 2026-06-02 |
| gated | no |
| source | { "field": "trustshare/notifications[]" } |
| company | { "id": "org_db5a178977544c0d", "name": "Cribl", "domains": [ "trust.cribl.io", "cribl.io" ] } |
| trust_center | { "id": "tc_3321b21a903010d8", "name": "Cribl", "url": "https://trust.cribl.io", "host": "trust.cribl.io" } |
| provider | { "id": "trustshare", "name": "TrustShare (TrustCloud / Kintent)" } |
| links | { "self": "/v1/security-updates/upd_180ad64aedbba3e9", "company": "/v1/companies/org_db5a178977544c0d", "trust_center": "/v1/trust-centers/tc_3321b21a903010d8", "provider": "/v1/providers/trustshare" } |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_180ad64aedbba3e9