EUVD-2026-20525
GHSA-jf72-2wmj-p2f3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3Description
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetching full configuration objects and returning them directly, bypassing the authorization checks enforced by the dedicated settings APIs.
Analysis
Authorization bypass in Elastic Kibana allows authenticated users with limited Fleet privileges to retrieve sensitive configuration data including private keys and authentication tokens through an internal API endpoint. The vulnerability affects network-accessible instances and bypasses intended privilege boundaries by returning full configuration objects without proper authorization checks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Kibana instances in your environment and document their network accessibility and user privilege levels. Within 7 days: Restrict network access to Kibana to trusted networks only using firewall rules or reverse proxy authentication; audit Fleet privilege assignments and revoke unnecessary access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today