CVE-2026-4818

MEDIUM

Some management operations on data streams are not properly restricted when user does not have the necessary privileges

Title source: cna

Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

References (2)

https://search-guard.com/cve-advisory/

https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0

Scores

CVSS v3 6.8

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-285 CWE-862

Status published

Products (2)

floragunn/Search Guard FLX 3.0.0 - 4.0.1

search-guard/flx 3.0.0 - 4.1.0

Published Mar 31, 2026

Tracked Since Mar 31, 2026