What is the CVSS score of CVE-2026-33461?

CVE-2026-33461 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Elastic are affected by CVE-2026-33461?

CVE-2026-33461 affects Elastic Kibana and permits authenticated users with limited Fleet privileges to bypass authorization controls and access sensitive configuration data including private keys and…

Elastic CVE-2026-33461

EUVD-2026-20525 HIGH

Incorrect Authorization (CWE-863)

2026-04-08 elastic

GHSA-jf72-2wmj-p2f3

Authentication Bypass Information Disclosure Elastic

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 16:52 vuln.today

cvss_changed

EUVD ID Assigned

Apr 08, 2026 - 17:16 euvd

EUVD-2026-20525

Analysis Generated

Apr 08, 2026 - 17:16 vuln.today

CVE Published

Apr 08, 2026 - 16:41 nvd

HIGH 7.7

DescriptionNVD

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetching full configuration objects and returning them directly, bypassing the authorization checks enforced by the dedicated settings APIs.

AnalysisAI

Authorization bypass in Elastic Kibana allows authenticated users with limited Fleet privileges to retrieve sensitive configuration data including private keys and authentication tokens through an internal API endpoint. The vulnerability affects network-accessible instances and bypasses intended privilege boundaries by returning full configuration objects without proper authorization checks. …

RemediationAI

Within 24 hours: Identify all Kibana instances in your environment and document their network accessibility and user privilege levels. Within 7 days: Restrict network access to Kibana to trusted networks only using firewall rules or reverse proxy authentication; audit Fleet privilege assignments and revoke unnecessary access. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-42400 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a

CVE-2026-49094 MEDIUM This Month

6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

CVE-2026-33461 vulnerability details – vuln.today

Back

Elastic CVE-2026-33461

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code