CVE-2026-4818

MEDIUM

Search Guard FLX 3.0.0-4.0.1 - Unauthorized Data Stream Management

Title source: manual

Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

References (2)

Core 2

Core References

https://search-guard.com/cve-advisory/

https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0

Scores

CVSS v3 6.8

EPSS 0.0019

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-285 CWE-862

Status published

Products (2)

floragunn/Search Guard FLX 3.0.0 - 4.0.1

search-guard/flx 3.0.0 - 4.1.0

Published Mar 31, 2026

Tracked Since Mar 31, 2026