Skip to main content

Elastic CVE-2026-4819

| EUVDEUVD-2026-17507 MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-03-31 floragunn GHSA-vx77-83rf-gfvg
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 15:31 euvd
EUVD-2026-17507
Analysis Generated
Mar 31, 2026 - 15:31 vuln.today
CVE Published
Mar 31, 2026 - 14:57 nvd
MEDIUM 4.9

DescriptionCVE.org

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

AnalysisAI

Search Guard FLX versions 1.0.0 through 4.0.1 leak user credentials into audit logs when users authenticate through Kibana, exposing plaintext authentication material to any system administrator or user with log access. The vulnerability requires high-privilege access to exploit and affects only confidentiality, but the presence of credentials in audit logs creates a persistent information disclosure risk that persists across backup and archival systems.

Technical ContextAI

Search Guard FLX is an authentication and authorization plugin for Elasticsearch and Kibana developed by floragunn. The audit logging feature (CWE-532: Insertion of Sensitive Information into Log File) fails to sanitize or filter user credentials during the authentication flow when users log into Kibana. The affected versions span from the initial 1.0.0 release through 4.0.1, covering a broad range of Elasticsearch/Kibana deployments using Search Guard for access control. The root cause is inadequate log scrubbing at the audit layer, where credential material from login requests is recorded verbatim rather than masked, hashed, or omitted.

RemediationAI

Upgrade Search Guard FLX to version 4.1.0 or later, which remediates the credential logging issue. See the changelog at https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0 for release details. In parallel, review and rotate any credentials that may have been logged in Elasticsearch audit logs from affected versions, particularly those visible in Kibana login events during the window of vulnerability exposure. If immediate upgrade is not feasible, implement access controls on audit logs to restrict viewing permissions to systems and personnel with legitimate operational need, and consider log retention minimization to reduce the persistence window of exposed credentials.

CVE-2015-1427 CRITICAL POC
9.8 Feb 17

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the s

CVE-2014-3120 HIGH POC
8.1 Jul 28

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut

CVE-2017-12629 CRITICAL POC
9.8 Oct 14

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi

CVE-2015-5531 MEDIUM POC
5.0 Aug 17

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp

CVE-2015-3337 MEDIUM POC
4.3 May 01

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, a

CVE-2019-7609 CRITICAL POC
10.0 Mar 25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti

CVE-2020-7012 HIGH POC
8.8 Jun 03

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated hig

CVE-2018-17246 CRITICAL POC
9.8 Dec 20

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical s

CVE-2022-31115 HIGH POC
8.8 Jun 30

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vuln

CVE-2021-32743 HIGH POC
8.8 Jul 15

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generat

CVE-2023-43116 HIGH POC
7.8 Dec 22

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the bu

CVE-2021-22146 HIGH POC
7.5 Jul 21

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.

Share

CVE-2026-4819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy