A Session ID leak in the DEBUG log file in Graylog prior to 4.1.2 allows malicious users to escalate privileges (to the access level of the leaked session ID).
graylog graylog