Opensearch Project Data Prepper
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Opensearch Project Data Prepper.
By the Year
In 2026 there have been 0 vulnerabilities in Opensearch Project Data Prepper. Last year, in 2025 Data Prepper had 1 security vulnerability published. Right now, Data Prepper is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.40 |
It may take a day or so for new Data Prepper vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opensearch Project Data Prepper Security Vulnerabilities
OpenSearch Data Prepper <2.12.2 SSL Trust-All Bypass
CVE-2025-62371
7.4 - High
- October 15, 2025
OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypasses SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks. The vulnerability affects connections to OpenSearch when the cert parameter is not explicitly provided. This issue has been patched in version 2.12.2. As a workaround, users can add the cert parameter to their OpenSearch sink or source configuration with the path to the cluster's CA certificate.
Improper Certificate Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Opensearch Project Data Prepper or by Opensearch Project? Click the Watch button to subscribe.
