elastic
237 tracked vulnerabilities.
CVE-2026-33467
MEDIUM
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass
Apr 28, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33466
HIGH
Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Apr 08, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33459
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Apr 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33458
MEDIUM
Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Apr 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-4498
HIGH
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Apr 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-33461
HIGH
Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Apr 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-33460
MEDIUM
Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Apr 08, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26940
MEDIUM
Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26939
MEDIUM
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26933
MEDIUM
Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Mar 19, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-26931
MEDIUM
Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Mar 19, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-26938
HIGH
Kibana - Authenticated Server-Side Request Forgery and Arbitrary File Read via Workflows Template Injection
Feb 26, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-26937
MEDIUM
Kibana 8.0.0-8.19.11 - Denial of Service via Timelion Input Data Manipulation
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26936
MEDIUM
Kibana AI Inference Anonymization - DoS
Feb 26, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-26935
MEDIUM
Kibana 8.4.0-8.19.12 - Denial of Service via Content Connectors Search Endpoint
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26934
MEDIUM
Kibana 8.18.0-8.19.11 - Authenticated Denial of Service via Input Data Manipulation
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0532
HIGH
Kibana 8.15.0-8.19.8, 9.0.0-9.1.8, 9.2.0-9.2.2 - Authenticated Arbitrary File Read and SSRF via Google Gemini Connector
Jan 14, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-0529
MEDIUM
Packetbeat 7.0.0-7.17.28, 8.0.0-8.19.8, 9.0.0-9.1.8, 9.2.0-9.2.2 - Denial of Service via MongoDB Protocol Parser
Jan 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0543
MEDIUM
Kibana 7.0.0-7.17.29 - Authenticated Denial of Service via Email Connector Address Parameter
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0531
MEDIUM
Kibana 7.10.0-7.17.29 - Authenticated Denial of Service via Bulk Retrieval Request
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0530
MEDIUM
Kibana 7.10.0-7.17.29 - Denial of Service via Fleet Resource Exhaustion
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0528
MEDIUM
Elastic Kibana < 7.17.29 - Improper Array Index Validation
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68422
MEDIUM
Kibana 7.0.0-7.17.29 - Authenticated Privilege Escalation via Crafted HTTP Request
Dec 18, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-68390
MEDIUM
Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.7 - Authenticated Denial of Service via Snapshot Restore Memory Allocation
Dec 18, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-68389
MEDIUM
Kibana 7.0.0-7.17.29 - Authenticated Denial of Service via Resource Exhaustion
Dec 18, 2025
CVSS 6.5
EPSS 0.00
Products
kibana 103
elasticsearch 47
Kibana 18
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
elastic_agent 5
endpoint_security 5
enterprise_search 5
Logstash 4
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Elastic Defend 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
kibana_x-pack 2
logstash_x-pack 2
Beats 1
Elastic Cloud Enterprise 1
Elastic Package Registry 1
Quick Filters