4 matches found
CVE-2026-4498
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498
creationtimestamp| type| source ---|---|--- 2026-04-08 19:09:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miyylbxgtj2o 2026-04-08 23:32:47+00:00| seen| Telegram/ZztUGlJiiCH0mZAuu7v3RF9KN1NNH1hWH4kt4dDN5ep1QI 2026-04-09 09:00:49+00:00| seen|...
CVE-2026-4498
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...