Overview
This advisory addresses a known security vulnerability identified in a third-party dependency used within DPGW.
Vulnerability Details
- CVE ID: CVE-2026-1225
- Dependency Name: logback-core
- Affected Version of Dependency: <=1.5.24
- Severity Score: 1.8 Low
Affected Versions of DPGW
- 1.13.13-REL – 1.13.14-REL
- <=1.12.37-REL
Risk Assessment & Applicability
Usage
DPGW utilizes the logback specifically for writing, rotating and managing log files.
Analysis
Logback.xml in our implementation is only reachable by system administrator that already has full access to the system.
We do not support access to the logback.xml file by any other means. Permissions on the logback.xml file are set to 644.
Status
Not Affected
Remediation & Mitigations
Planned Fix
We are scheduled to update this dependency in the 1.13.15-REL and 1.12.38-REL.
User Actions
No action required by users at this time