Kibana 9.3.x < 9.3.3 SSRF (ESA-2026-40)

The version of Kibana installed on the remote host is 9.3.x prior to 9.3.3. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-40 advisory. - Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the...

CVE-2026-49093

creationtimestamp| type| source ---|---|--- 2026-05-29 14:45:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmyrmbdqgh2a...

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

Kibana 9.3.3 Security Update (ESA-2026-40)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound...