7 matches found
BIT-KIBANA-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
Kibana 8.x < 8.19.10 / 9.1.x < 9.1.10 / 9.2.x < 9.2.4 (ESA_2026_05)
The version of Kibana installed on the remote host is prior to 8.19.10, 9.1.10, or 9.2.4. It is, therefore, affected by a vulnerability as referenced in the ESA202605 advisory. - An external control of file name or path combined with a server-side request forgery SSRF vulnerability exists in the...
CVE-2026-0532
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2026-0532
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2026-0532
CVE-2026-0532 affects Kibana’s Google Gemini Connector. External control of a file name or path (CWE-73) combined with SSRF (CWE-918) enables an authenticated attacker with privileges to create/modify connectors to trigger arbitrary file reads and arbitrary network requests through a crafted cred...
PT-2026-2849
Name of the Vulnerable Software and Affected Versions Kibana versions prior to 8.19.10 Kibana versions prior to 9.1.10 Kibana versions prior to 9.2.4 Description An issue exists in Kibana where External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allo...