CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/13 5:42 a.m.•6 views

BIT-KIBANA-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

OSV•added 2026/04/13 5:38 a.m.•6 views

BIT-ELK-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32409

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

Exploits0References3

PT-2026-32433

RedhatCVE•added 2026/04/09 7:23 p.m.•4 views

Exploits0References3

CVE-2026-4498

EUVD•added 2026/04/08 6:34 p.m.•4 views

EUVD-2026-20528

Vulnrichment•added 2026/04/08 4:38 p.m.•2 views

CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

CVE•added 2026/04/08 4:38 p.m.•16 views

CVE-2026-4498

CVE-2026-4498 concerns Kibana, specifically the Fleet plugin, where execution with unnecessary privileges arises from Kibana’s Fleet debug route handlers. An authenticated Kibana user with Fleet sub-feature privileges (e.g., agents, agent policies, settings management) can read index data beyond ...

Exploits0References1Affected Software1

Cvelist•added 2026/04/08 4:38 p.m.•20 views

CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

7.7CVSS0.003EPSS

Positive Technologies•added 2026/04/08 12:0 a.m.•5 views

PT-2026-31335

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Kibana’s Fleet plugin debug route handlers exhibit execution with unnecessary privileges, potentially allowing authenticated users with Fleet sub-feature privileges to read index data beyond...

CNNVD•added 2026/04/08 12:0 a.m.•6 views

Exploits0References7

Elastic Kibana Fleet 安全漏洞

Elastic Kibana Fleet is a component developed by the Dutch company Elastic, designed for centralized management and monitoring of Elastic Agents. There is a security vulnerability in Elastic Kibana Fleet, which stems from unnecessary permission executions. This vulnerability may lead to...

CNNVD•added 2025/05/16 12:0 a.m.•1 views

D-Link DI-7003G 安全漏洞

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability, which stems from the file /index.data being insufficiently protected for sensitive information, and can be exploited by an attacker to cause information...

7.5CVSS6.2AI score0.01169EPSS

Exploits1References6

CNNVD•added 2024/12/12 12:0 a.m.•1 views

Microsoft Windows Defender 安全漏洞

Microsoft Windows Defender is a suite of antivirus software that comes with Windows systems from the American company Microsoft. Microsoft Windows Defender suffers from an authorization issue vulnerability that arises from improper authorization of an index containing sensitive information in a...

6.5CVSS6.2AI score0.01062EPSS

Cvelist•added 2023/10/16 9:33 p.m.•18 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS5.4AI score0.0041EPSS

CNNVD•added 2023/06/16 12:0 a.m.•27 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3 versions 4.0.2 and earlier, 4.1.0 through 4.6.5, and 5.0.0 through 5.0.1, which stems from the kesearch extension that allows...

6.3CVSS6AI score0.00341EPSS