BIT-KIBANA-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...