BIT-ELK-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVE-2026-33460

CVE-2026-33460 affects Kibana Fleet: an Incorrect Authorization (CWE-863) flaw allows cross-space information disclosure via a Privilege Abuse path. A user with Fleet agent management privileges in one Kibana space can query Fleet Server policy details from other spaces through an internal enroll...

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-25)

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy...