Lucene search
K

11 matches found

OSV
OSV
added 2026/06/01 11:42 a.m.7 views

BIT-KIBANA-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.7 views

BIT-ELK-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 9:16 p.m.13 views

CVE-2026-49095

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:48 p.m.39 views

CVE-2026-49095

Kibana Fleet policy management feature is affected by CVE-2026-49095 due to improper input validation (CWE-20). An authenticated user with Fleet management privileges can inject values into a configuration override mechanism, causing Elastic Agents to be issued API keys with elevated Elasticsearc...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 7:48 p.m.19 views

EUVD-2026-33033

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44537

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Kibana Fleet agent policy management feature allows an authenticated user with Fleet management privileges to escalate privileges. By injecting values into a...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-36559

Malicious code in bioql PyPI...

9.1CVSS8.9AI score0.01257EPSS
Exploits0References2
OSV
OSV
added 2024/11/16 7:11 a.m.11 views

BIT-KIBANA-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS9.4AI score0.01257EPSS
Exploits0References2
OSV
OSV
added 2024/11/16 7:8 a.m.10 views

BIT-ELK-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS9.4AI score0.01257EPSS
Exploits0References2
OSV
OSV
added 2024/11/14 4:49 p.m.4 views

CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS7.9AI score0.01257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.5 views

PT-2024-5984 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious us...

9.1CVSS7.6AI score0.01257EPSS
Exploits0References38
Rows per page
Query Builder