elastic

256 tracked vulnerabilities.

CVE-2026-49091 HIGH
Improper Output Neutralization for Logs in Kibana Leading to Log Injection
Jul 01, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-49090 MEDIUM
Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56152 MEDIUM
Incorrect Authorization in Elastic Defend Leading to Information Disclosure
Jul 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-56151 MEDIUM
Improper Input Validation in Kibana Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56150 MEDIUM
Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56149 MEDIUM
Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-56148 MEDIUM
Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49088 MEDIUM
Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure
Jul 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-49087 MEDIUM
Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49095 MEDIUM
Improper Input Validation in Kibana Fleet Leading to Privilege Escalation
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49094 MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49093 MEDIUM
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
May 28, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-42400 MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42399 MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42398 HIGH
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
May 28, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-42401 MEDIUM
Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection
May 28, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-33464 MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33463 MEDIUM
Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
May 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33462 MEDIUM
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts
May 28, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-33467 MEDIUM
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass
Apr 28, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33466 HIGH
Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Apr 08, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-33459 MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Apr 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33458 MEDIUM
Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Apr 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-4498 HIGH
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Apr 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-33461 HIGH
Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Apr 08, 2026
CVSS 7.7
EPSS 0.00