
7 matches found

OSV
added 2026/06/01 11:42 a.m. | 5 views

BIT-KIBANA-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

CVSS 7.7 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 2

OSV
added 2026/06/01 11:39 a.m. | 7 views

BIT-ELK-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

CVSS 7.7 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 2

EUVD
added 2026/05/28 7:51 p.m. | 8 views

EUVD-2026-33035

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

CVSS 6.3 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1

Cvelist
added 2026/05/28 7:51 p.m. | 28 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

CVSS 6.3 | EPSS 0.00199
Exploits: 0 | References: 1

CVE
added 2026/05/28 7:51 p.m. | 33 views

CVE-2026-49093

CVE-2026-49093 describes a Server-Side Request Forgery (SSRF) in Kibana that can be exploited by an authenticated user with connector management privileges to bypass the operator-configured allowlist and make Kibana issue outbound requests to blocked destinations. The issue affects Kibana 9.x ver...

CVSS 7.7 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/05/28 12:0 a.m. | 10 views

PT-2026-44535

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated user with connector management privileges can perform a Server-Side Request Forgery (SSRF), which is a flaw that allows an attacker to induce the server-side application to make...

CVSS 7.7 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 4

EUVD
added 2025/10/09 6:58 p.m. | 4 views

EUVD-2025-33585

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...

CVSS 8.5 | AI score 6.2 | EPSS 0.0022
Exploits: 0 | References: 2