Skip to main content

Elastic EUVD-2026-18515

| CVE-2026-5417 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-02 VulDB GHSA-2v29-2pv7-f546
SSRF Elastic
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.1 (MEDIUM) 2.0 (LOW)
PoC Detected
Apr 03, 2026 - 16:10 vuln.today
Public exploit code
EUVD ID Assigned
Apr 02, 2026 - 19:01 euvd
EUVD-2026-18515
Analysis Generated
Apr 02, 2026 - 19:01 vuln.today
Patch released
Apr 02, 2026 - 19:01 nvd
Patch available
CVE Published
Apr 02, 2026 - 18:15 nvd
MEDIUM 5.1

DescriptionCVE.org

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.7.0 is capable of addressing this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure.

AnalysisAI

Server-side request forgery (SSRF) in Dataease SQLBot up to version 1.6.0 allows high-privileged remote attackers to manipulate the 'address' argument in the Elasticsearch Handler component (get_es_data_by_http function), enabling unauthorized HTTP requests to internal or external systems. The vulnerability has publicly available exploit code and vendor-released patch version 1.7.0 addresses the issue.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS v4.0 score of 5.1 with vector AV:N/AC:L/PR:H indicates a network-exploitable vulnerability requiring high-level privileges (PR:H), with low confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An administrator with high-level credentials (meeting the PR:H requirement) could supply a malicious 'address' parameter to the get_es_data_by_http function via the Elasticsearch Handler interface, causing the SQLBot server to initiate HTTP requests to internal systems (e.g., http://169.254.169.254/latest/meta-data/ for cloud metadata, or http://internal-database:5432 for internal service discovery). The public Notion-hosted proof-of-concept demonstrates this attack path, allowing reconnaissance of the internal network without direct access. …
Remediation Vendor-released patch: upgrade to Dataease SQLBot version 1.7.0 or later. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-47835 HIGH
8.6 Jun 15

NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers t

Share

EUVD-2026-18515 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy