What is the CVSS score of EUVD-2026-17507?

EUVD-2026-17507 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Elastic EUVD-2026-17507

| CVE-2026-4819 MEDIUM

Insertion of Sensitive Information into Log File (CWE-532)

2026-03-31 floragunn

GHSA-vx77-83rf-gfvg

Information Disclosure Elastic

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 31, 2026 - 15:31 euvd

EUVD-2026-17507

Analysis Generated

Mar 31, 2026 - 15:31 vuln.today

CVE Published

Mar 31, 2026 - 14:57 nvd

MEDIUM 4.9

DescriptionNVD

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

AnalysisAI

Search Guard FLX versions 1.0.0 through 4.0.1 leak user credentials into audit logs when users authenticate through Kibana, exposing plaintext authentication material to any system administrator or user with log access. The vulnerability requires high-privilege access to exploit and affects only confidentiality, but the presence of credentials in audit logs creates a persistent information disclosure risk that persists across backup and archival systems.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-42400 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a

CVE-2026-49094 MEDIUM This Month

6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

EUVD-2026-17507 vulnerability details – vuln.today

Back

Elastic EUVD-2026-17507

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code