What is the CVSS score of CVE-2026-49095?

CVE-2026-49095 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Which versions of Kibana Fleet are affected by CVE-2026-49095?

Elastic Kibana's Fleet agent policy management feature contains a privilege escalation vulnerability (CVE-2026-49095, CVSS 7.2) allowing authenticated Fleet administrators to inject elevated…

Kibana Fleet CVE-2026-49095

EUVD-2026-33033 MEDIUM

Improper Input Validation (CWE-20)

2026-05-28 elastic

GHSA-p9vc-h7rw-q6hq

Privilege Escalation Elastic

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Severity Changed

May 28, 2026 - 21:22 NVD

HIGH MEDIUM

CVSS changed

May 28, 2026 - 21:22 NVD

7.2 (HIGH) 6.5 (MEDIUM)

Analysis Generated

May 28, 2026 - 21:21 vuln.today

DescriptionNVD

Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequately validated. An attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, potentially granting unauthorized read and write access to sensitive Elasticsearch security indices beyond what is intended for the Fleet management role.

AnalysisAI

Privilege escalation in Elastic Kibana's Fleet agent policy management feature allows authenticated Fleet administrators to inject unvalidated values into a configuration override mechanism, causing Elastic Agents to be provisioned with API keys carrying elevated Elasticsearch privileges. Successful exploitation yields unauthorized read/write access to sensitive Elasticsearch security indices beyond the Fleet role's intended scope. …

RemediationAI

Within 24 hours: Restrict Fleet administrator role to only essential personnel and audit recent Fleet policy modifications for suspicious API key injections. Within 7 days: Verify all Fleet-provisioned API keys have appropriate scope limitations aligned with least-privilege principles and enable Elasticsearch audit logging for security index access. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-42400 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a

CVE-2026-49094 MEDIUM This Month

6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

CVE-2026-49095 vulnerability details – vuln.today

Back

Kibana Fleet CVE-2026-49095

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code