EIP-2026-119386

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119386. PoCs published by Aamir Rehman.

AI-analyzed exploit summary This is a technical writeup detailing a CSV injection vulnerability in Kibana 6.6.1, where an attacker can inject malicious payloads into the 'Custom Label' field of visualizations, leading to arbitrary command execution when the CSV is downloaded and opened by a user.

Description

Kibana 6.6.1 - CSV Injection

Exploits (1)

exploitdb WRITEUP

by Aamir Rehman · textwebappswindows

https://www.exploit-db.com/exploits/47971

View Code ZIP pw:eip

This is a technical writeup detailing a CSV injection vulnerability in Kibana 6.6.1, where an attacker can inject malicious payloads into the 'Custom Label' field of visualizations, leading to arbitrary command execution when the CSV is downloaded and opened by a user.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Kibana v6.6.1

No auth needed

Prerequisites: Access to Kibana dashboard with edit privileges · User interaction to download and open the CSV file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Kibana 6.6.1 - CSV Injection

Exploitation Summary

Description

Exploits (1)

Details