Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2026/05/29 8:13 p.m.14 views

CVE-2026-42398

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References1
osv
osv
added 2026/05/28 7:51 p.m.2 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS5.9AI score0.00199EPSS
Exploits0References3
osv
osv
added 2026/05/28 7:47 p.m.3 views

CVE-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS6AI score0.003EPSS
Exploits0References3
elastic
elastic
added 2026/05/28 7:26 p.m.18 views

Kibana 9.3.3 Security Update (ESA-2026-40)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound...

7.7CVSS5.8AI score0.00199EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.10 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgeing. This vulnerability allows authenticated users with connector management privileges to bypass the connectio...

7.7CVSS5.8AI score0.003EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/16 8:38 a.m.8 views

CVE-2026-0532

A flaw was found in Kibana. This vulnerability allows an authenticated attacker, with privileges to create or modify connectors, to disclose arbitrary files. The attacker achieves this by submitting a specially crafted configuration for the Google Gemini connector, which the server processes...

8.6CVSS6AI score0.00417EPSS
Exploits1References4
cvelist
cvelist
added 2026/01/14 10:14 a.m.34 views

CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector

External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

8.6CVSS0.00417EPSS
Exploits1References1
Rows per page
Query Builder