Fluent Bit, a widely deployed log-processing tool used in containers, Kubernetes DaemonSets, and major cloud platforms, has been found vulnerable to authentication bypass, file-write, and agent takeover attacks.
According to an Oligo Security analysis, disclosed in co-operation with Amazon Web Services (AWS), the tool was found vulnerable to five critical flaws that could allow full compromise of cloud infrastructure.
“Fluent Bit runs everywhere: AI labs, banks, car manufacturers, all the major cloud providers such as AWS, Google Cloud, and Microsoft Azure, and more,” Uri Katz, researcher at Oligo Security’s CTO Office, said in a blog post. “When a component this widespread and trusted fails, it doesn’t just expose individual systems; it threatens the stability of the cloud ecosystem.”
