elastic
256 tracked vulnerabilities.
CVE-2026-49091
HIGH
Improper Output Neutralization for Logs in Kibana Leading to Log Injection
Jul 01, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-49090
MEDIUM
Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56152
MEDIUM
Incorrect Authorization in Elastic Defend Leading to Information Disclosure
Jul 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-56151
MEDIUM
Improper Input Validation in Kibana Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56150
MEDIUM
Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-56149
MEDIUM
Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-56148
MEDIUM
Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49088
MEDIUM
Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure
Jul 01, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-49087
MEDIUM
Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service
Jul 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49095
MEDIUM
Improper Input Validation in Kibana Fleet Leading to Privilege Escalation
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49094
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49093
MEDIUM
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
May 28, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-42400
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42399
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42398
HIGH
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
May 28, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-42401
MEDIUM
Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection
May 28, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-33464
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33463
MEDIUM
Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
May 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33462
MEDIUM
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts
May 28, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-33467
MEDIUM
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass
Apr 28, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33466
HIGH
Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write
Apr 08, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-33459
MEDIUM
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Apr 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33458
MEDIUM
Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Apr 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-4498
HIGH
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Apr 08, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-33461
HIGH
Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Apr 08, 2026
CVSS 7.7
EPSS 0.00
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters