CVE-2026-4799

MEDIUM

Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests

Title source: cna
STIX 2.1

Description

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.

References (2)

Core 2

Scores

CVSS v3 4.3
EPSS 0.0018
EPSS Percentile 7.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (2)
floragunn/Search Guard FLX 1.0.0 - 4.0.1
search-guard/flx < 4.1.0
Published Mar 31, 2026
Tracked Since Mar 31, 2026