Is CVE-2026-44024 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-44024 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-44024

A ${tag} placeholder in Fluentd's output path enables arbitrary file write on the host. The CNCF-graduated log collector running in millions of Kubernetes pods is the vulnerability.

2026

What WebPulse reported · 1 analysis

Fluentd RCE via Tag Injection (CVE-2026-44024, CVSS 9.8): The Observability Stack Just Became the Attack Surface

A ${tag} placeholder in Fluentd's output path enables arbitrary file write on the host. The CNCF-graduated log collector running in millions of Kubernetes pods

June 27, 2026

View CVE-2026-44024 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657