Home / Security updates / CVE-2026-45393: Local privilege escalation to SYSTEM in Cribl Edge for Windows (HIGH)
CVE-2026-45393: Local privilege escalation to SYSTEM in Cribl Edge for Windows (HIGH)
Security updates detail rendered from /security-updates/upd_4dc0bed14b2a8f28.
Overview
| ID | upd_4dc0bed14b2a8f28 |
| Collection | Security Updates |
| Provider | TrustShare (TrustCloud / Kintent) |
| Company | Cribl |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_4dc0bed14b2a8f28 |
| providerId | trustshare |
| organizationId | org_db5a178977544c0d |
| trustCenterId | tc_3321b21a903010d8 |
| title | CVE-2026-45393: Local privilege escalation to SYSTEM in Cribl Edge for Windows (HIGH) |
| type | cve_publication |
| message | CVE-2026-45393 — Local privilege escalation to SYSTEM in Cribl Edge for Windows A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and password-hash derivation, enabling forgery of administrative API tokens. The forged token can then be used to invoke a pipeline function that reaches an OS command sink (CWE-78) running in the SYSTEM context. Severity: HIGH CVSS:3.1 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS:4.0 8.5 (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) Weaknesses: CWE-276 (Incorrect Default Permissions), CWE-78 (OS Command Injection) Affected: Cribl Edge for Windows versions before 4.17.1 Fixed in: Cribl Edge 4.17.1 Solution Upgrade Cribl Edge to v4.17.1 or higher. Upgrading fully resolves this vulnerability and no additional mitigation is required. References - https://www.cve.org/CVERecord?id=CVE-2026-45393 - https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes Credit: Abdulaziz M. Almetairy, Saudi Aramco (external discovery) |
| publishedAt | 2026-06-02 |
| gated | no |
| source | {
"field": "trustshare/notifications[]"
} |
| company | {
"id": "org_db5a178977544c0d",
"name": "Cribl",
"domains": [
"trust.cribl.io",
"cribl.io"
]
} |
| trust_center | {
"id": "tc_3321b21a903010d8",
"name": "Cribl",
"url": "https://trust.cribl.io",
"host": "trust.cribl.io"
} |
| provider | {
"id": "trustshare",
"name": "TrustShare (TrustCloud / Kintent)"
} |
| links | {
"self": "/v1/security-updates/upd_4dc0bed14b2a8f28",
"company": "/v1/companies/org_db5a178977544c0d",
"trust_center": "/v1/trust-centers/tc_3321b21a903010d8",
"provider": "/v1/providers/trustshare"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_4dc0bed14b2a8f28JSON