What is the CVSS score of EUVD-2026-20528?

EUVD-2026-20528 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Elastic are affected by EUVD-2026-20528?

CVE-2026-4498 allows authenticated Kibana users with Fleet management privileges to bypass role-based access controls and read Elasticsearch data beyond their authorized scope through debug route…

Elastic EUVD-2026-20528

| CVE-2026-4498 HIGH

Execution with Unnecessary Privileges (CWE-250)

2026-04-08 elastic

GHSA-4c73-92cw-x6vq

Privilege Escalation Elastic

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Apr 08, 2026 - 17:16 euvd

EUVD-2026-20528

Analysis Generated

Apr 08, 2026 - 17:16 vuln.today

CVE Published

Apr 08, 2026 - 16:38 nvd

HIGH 7.7

DescriptionNVD

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).

AnalysisAI

Authenticated Kibana users with Fleet management privileges can read Elasticsearch index data beyond their intended RBAC permissions through debug route handlers in the Fleet plugin. This scope bypass affects Elastic Kibana deployments where users hold Fleet sub-feature privileges (agent policies, settings management). …

RemediationAI

Within 24 hours: Identify and document all Kibana users granted Fleet sub-feature privileges (agent policies, settings management) using role audit logs. Within 7 days: Review access logs for suspicious data queries from Fleet-privileged accounts and disable unnecessary Fleet privileges pending patch availability; implement network segmentation to restrict Kibana access to only required personnel. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-42400 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a

CVE-2026-49094 MEDIUM This Month

6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

EUVD-2026-20528 vulnerability details – vuln.today

Back

Elastic EUVD-2026-20528

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code