Security Advisory

CVE-2026-5025

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 14:43:00

Last updated 2026-03-27 15:38:54

Assigner tenable

State PUBLISHED

Description

The /logs and /logs-stream endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege checks (e.g., is_superuser).

← Browse all CVEs View on cve.org ↗