CVE-2018-17246

Severity: Critical · Exploited in the wild · Nuclei template available

Kibana <6.4.3, 5.6.13 - Code Injection

Title source: llm

Exploitation Summary

CVE-2018-17246 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including mpgn and Almandev. A Nuclei detection template is also available.

AI-analyzed exploit summary

This PoC demonstrates a Local File Inclusion (LFI) vulnerability in Kibana versions < 6.4.3 and < 5.6.13, which can be exploited to execute arbitrary JavaScript files on the server. The exploit leverages path traversal to include a malicious JavaScript file, potentially leading to remote code execution (RCE) if combined with an unrestricted file upload vulnerability.

Description

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with the permissions of the Kibana process on the host system.

Exploits (2)

Source: nomisec · Working PoC · 66 stars
by mpgn · remote
https://github.com/mpgn/CVE-2018-17246


Classification
- Working PoC: 95%
- Attack Type: RCE
- Complexity: Moderate
- Reliability: Reliable
- Target: Kibana < 6.4.3 and < 5.6.13
- Authentication: none needed
- Prerequisites: unrestricted file upload or another vulnerability to write a file on the server · network access to the Kibana server

Analyzed by devstral-2 on Feb 16, 2026

Source: nomisec · Working PoC
by Almandev · poc
https://github.com/Almandev/Sub-folderFetcher

This repository contains a bash script to fetch and extract a specific folder (kibana/CVE-2018-17246) from the Vulhub GitHub repository. It automates the download and extraction process for ease of use.

Classification
- Working PoC: 90%
- Attack Type: Other
- Complexity: Trivial
- Reliability: Reliable
- Target: GitHub repository (Vulhub)
- Authentication: none needed
- Prerequisites: curl · unzip

Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Kibana - Local File Inclusion
Severity: Critical · by princechaddha, thelicato
- Shodan query: http.title:"kibana"
- FOFA query: title="kibana"

References (4)

Core References
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/106285
- Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHBA-2018:3743
- Vendor Advisory (x_refsource_confirm): https://www.elastic.co/community/security

Scores

- CVSS v3: 9.8
- EPSS: 0.8225
- EPSS Percentile: 99.6%
- Attack Vector: NETWORK
- Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

- VulnCheck KEV: 2023-11-13
- CWE: CWE-829, CWE-73
- Status: published
- Products (2):
  - elastic/kibana 5.0.0 - 5.6.13
  - redhat/openshift_container_platform 3.11
- Published: Dec 20, 2018
- Tracked Since: Feb 18, 2026