Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
AnalysisAI
Search Guard FLX versions 3.0.0 through 4.0.1 allow authenticated users with insufficient privileges to execute unauthorized management operations on data streams due to improper access control, enabling privilege escalation with high confidentiality and integrity impact. The CVSS score of 6.8 reflects network accessibility and moderate attack complexity, with active data stream manipulation possible after authentication. No public exploit code or confirmed active exploitation has been identified at this time.
Technical ContextAI
Search Guard FLX is an Elasticsearch security plugin that provides authentication, authorization, and encryption capabilities. The vulnerability stems from CWE-285 (Improper Authorization), indicating a failure in the authorization mechanism that validates whether authenticated users possess the necessary privileges before permitting management operations on data streams. Data streams in Elasticsearch are a core feature for time-series data indexing. The authorization bypass allows authenticated users to circumvent role-based access control (RBAC) or similar privilege enforcement, executing privileged management commands on data stream resources that should be restricted to higher-privileged roles or administrators.
RemediationAI
Upgrade Search Guard FLX to version 4.1.0 or later to remediate this authorization bypass vulnerability. Organizations unable to upgrade immediately should implement network segmentation to restrict access to Search Guard FLX instances to trusted administrators only, and audit logs to detect unauthorized management operations on data streams. Review RBAC configurations to ensure data stream management permissions are narrowly scoped. Vendor guidance and detailed remediation information are available in the Search Guard security advisory (https://search-guard.com/cve-advisory/) and the 4.1.0 changelog (https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0).
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17506
GHSA-73g6-24f6-wqv9