7 matches found
BIT-KIBANA-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...
BIT-ELK-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...
EUVD-2026-33035
Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...
CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...
CVE-2026-49093
CVE-2026-49093 describes a Server-Side Request Forgery (SSRF) in Kibana that can be exploited by an authenticated user with connector management privileges to bypass the operator-configured allowlist and make Kibana issue outbound requests to blocked destinations. The issue affects Kibana 9.x ver...
PT-2026-44535
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated user with connector management privileges can perform a Server-Side Request Forgery SSRF, which is a flaw that allows an attacker to induce the server-side application to make...
EUVD-2025-33585
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...