CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

CVE-2026-4819

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

CVE-2026-4818 Some management operations on data streams are not properly restricted when user does not have the necessary privileges

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

PT-2026-29280

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

PT-2026-29281

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

Search Guard FLX 安全漏洞

Search Guard FLX is an encryption, authentication, and authorization system developed by the German company Search Guard. Versions 1.0.0 to 4.0.1 of Search Guard FLX contain security vulnerabilities, as the audit log function may record credentials of users who log in to Kibana...

CVE-2025-13653

In the provided connected documents, CVE-2025-13653 affects Search Guard FLX versions 3.1.0 through 4.0.0 when enterprise modules are disabled. The issue allows authenticated users to issue specially crafted requests to read documents from data streams without the required privileges, leading to ...

CVE-2025-13653 Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

PT-2025-48533

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

CVE-2025-12149 Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...

PT-2025-46956

Name of the Vulnerable Software and Affected Versions Search Guard FLX versions 3.1.2 and earlier Description In Search Guard FLX versions 3.1.2 and earlier, Document-Level Security DLS is not enforced when a search is initiated from a Signals watch, potentially granting access to all documents...