Skip to main content

Elastic CVE-2026-26939

| EUVDEUVD-2026-13143 MEDIUM
Missing Authorization (CWE-862)
2026-03-19 elastic
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 19, 2026 - 18:00 euvd
EUVD-2026-13143
Analysis Generated
Mar 19, 2026 - 18:00 vuln.today
CVE Published
Mar 19, 2026 - 17:11 nvd
MEDIUM 6.5

DescriptionCVE.org

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

AnalysisAI

Kibana's Detection Rule Management lacks proper authorization controls, allowing authenticated users with rule management privileges to configure unauthorized endpoint response actions including host isolation and process termination. An attacker with these privileges could exploit this missing access control to execute sensitive endpoint operations beyond their intended scope. No patch is currently available for this medium-severity vulnerability affecting Elastic products.

Technical ContextAI

The vulnerability exists in Kibana's server-side Detection Rule Management API, which is responsible for managing detection rules and their associated response actions in Elastic's security platform. The root cause is classified as CWE-862 (Missing Authorization), where endpoint response action configuration endpoints fail to properly enforce access control lists (ACLs) as described in CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). Kibana (cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*) is the web interface and analytics platform for Elasticsearch that manages security detection rules and automated response capabilities. The authorization bypass allows authenticated users with legitimate rule management privileges to escalate their actions beyond their intended scope, specifically to configure response actions that should be restricted to higher-privileged roles.

RemediationAI

Immediately upgrade Kibana to version 8.19.12 or later for the 8.x branch, version 9.2.6 or later for the 9.0-9.2 branch, or version 9.3.1 or later for the 9.3 branch (see Elastic security advisory at https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530). As a temporary mitigation prior to patching, restrict Kibana rule management API access to trusted networks via network segmentation or reverse proxy rules, audit and minimize the number of users granted rule management privileges, and implement role-based access controls to ensure only senior security analysts or administrators can configure endpoint response actions. Monitor Kibana audit logs for unusual detection rule modifications or response action configurations by lower-privileged accounts.

CVE-2015-1427 CRITICAL POC
9.8 Feb 17

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the s

CVE-2014-3120 HIGH POC
8.1 Jul 28

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut

CVE-2017-12629 CRITICAL POC
9.8 Oct 14

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi

CVE-2015-5531 MEDIUM POC
5.0 Aug 17

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp

CVE-2015-3337 MEDIUM POC
4.3 May 01

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, a

CVE-2019-7609 CRITICAL POC
10.0 Mar 25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti

CVE-2020-7012 HIGH POC
8.8 Jun 03

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated hig

CVE-2018-17246 CRITICAL POC
9.8 Dec 20

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical s

CVE-2022-31115 HIGH POC
8.8 Jun 30

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vuln

CVE-2021-32743 HIGH POC
8.8 Jul 15

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generat

CVE-2023-43116 HIGH POC
7.8 Dec 22

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the bu

CVE-2021-22146 HIGH POC
7.5 Jul 21

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.

Vendor StatusVendor

Share

CVE-2026-26939 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy