16
CVEs
1
Critical
4
High
0
KEV
0
PoC
1
Unpatched C/H
50.0%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
4
MEDIUM
11
LOW
0
Monthly CVE Trend
Affected Products (30)
Kibana
73
Elasticsearch
44
Cloud Foundry Elastic Runtime
23
Elastic Services Controller
19
Cloud Foundry Uaa
11
Java
10
Open Redirect
9
Peoplesoft Enterprise Peopletools
9
Cf Release
8
Python
8
Redis
8
Cloud Foundry
7
Elastic Storage Server
6
Cloud Foundry Uaa Bosh
6
Elastic Cloud Enterprise
6
Cloud Foundry Ops Manager
5
Elastic Agent
5
Openshift Container Platform
5
Opensearch
5
Communications Cloud Native Core Automated Test Suite
4
Kubernetes
4
Docker
4
Enterprise Search
4
Logstash
4
Mattermost
3
X Pack
3
Prototype Pollution
3
PHP
3
Tomcat
3
Endpoint Security
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-54350 | {$exists:true}`) that override the builder's intended filter, returning or altering every document in a MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or JSON-body REST collection. A detailed working POC is published in the advisory; the issue is not in CISA KEV and EPSS is low (0.43%, 34th percentile), so this is publicly demonstrated but not yet confirmed as actively exploited. | CRITICAL | 9.8 | 0.4% | 49 |
|
| CVE-2026-54008 | Server-side request forgery in Open WebUI versions 0.9.5 and earlier allows authenticated OAuth users to read arbitrary internal HTTP responses by abusing the `_process_picture_url` function in `backend/open_webui/utils/oauth.py`, which validates only the initial URL and then permits aiohttp's default 10-redirect follow chain to reach internal addresses. The decoded response body is stored in the attacker's `profile_image_url` and retrievable via `GET /api/v1/auths/`, yielding cloud metadata credentials and access to localhost-bound services. Publicly available exploit code exists (detailed sentinel-verified PoC supplied by the reporter); no public exploit identified at time of analysis in the form of weaponized tooling, and the CVE is not on the CISA KEV list. | HIGH | 8.5 | 0.2% | 43 |
|
| CVE-2026-54320 | Authentication bypass in Daytona prior to 0.184.0 allows attackers to join organizations via pending invitations using unverified email addresses. The invitation accept and decline paths failed to enforce email verification (unlike organization creation), so on OIDC identity providers permitting self-service signup with pre-verification sessions, an attacker registering an email matching a pending invite can claim it and inherit the assigned role - up to Owner. No public exploit identified at time of analysis, but the path to full Owner-level organization takeover makes this a high-priority fix. | HIGH | 8.4 | 0.2% | 42 |
|
| CVE-2026-49091 | Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV. | HIGH | 8.0 | 0.2% | 40 |
No patch
|
| CVE-2026-46487 | Authorization bypass and information disclosure in GeoNetwork 4.x (4.0.0-alpha.1 through 4.4.10) lets an unauthenticated remote user retrieve restricted metadata records through the Elasticsearch-backed search API. Under certain request conditions the proxy layer skips the step that injects GeoNetwork's access-control filters, so requests reach the index without group-visibility, ownership, draft-exclusion, or portal filtering applied. There is no public exploit identified at time of analysis, but the flaw is unauthenticated and network-reachable on any public-facing instance, making disclosure of non-public catalog records trivial once the triggering condition is known. | HIGH | 7.5 | – | 38 |
|
| CVE-2026-15746 | Server-side request forgery in the strands-agents-tools elasticsearch_memory tool enables prompt-injection attacks that exfiltrate the operator's Elasticsearch API key to attacker-controlled infrastructure. Applications using strands-agents-tools prior to 0.7.0 that rely on the ELASTICSEARCH_API_KEY environment-variable fallback - rather than explicitly passing api_key - are exposed to credential theft when an attacker can influence LLM input. No public exploit code or CISA KEV listing has been identified at time of analysis, but the prompt-injection-to-SSRF primitive is well understood in the AI agent security community and the credential-theft impact warrants prompt remediation. | MEDIUM | 6.9 | – | 34 |
|
| CVE-2026-35211 | Elasticsearch Painless script injection via OpenCTI's GraphQL API allows any authenticated user holding the KNOWLEDGE capability to submit computationally expensive, unvalidated scripts that saturate Elasticsearch cluster CPU, degrading or denying service for the entire platform. All OpenCTI deployments prior to version 7.260401.0 are affected, with the vulnerability residing in the exposed 'script' FilterOperator of the GraphQL API. No public exploit code or CISA KEV listing is confirmed at time of analysis; a vendor-released patch is available in version 7.260401.0. | MEDIUM | 6.5 | 0.4% | 33 |
|
| CVE-2026-56148 | Denial of service in Elasticsearch allows any authenticated user to crash an affected cluster node by submitting a specially crafted query that triggers uncontrolled recursion during query processing. Excessive resource consumption during request handling can render the targeted node unavailable, disrupting search and indexing operations for all dependent applications. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the low privilege requirement makes it accessible to any user with query access. | MEDIUM | 6.5 | 0.3% | 33 |
No patch
|
| CVE-2026-49087 | Denial of service in Kibana allows any authenticated user with low-privilege access to exhaust server resources via a specially crafted bulk deletion request, potentially rendering the Kibana interface completely unavailable. Affected are Kibana deployments prior to versions 8.19.15 and 9.3.4 across both the 8.x and 9.x release branches. The vulnerability requires no special configuration to be present and no user interaction beyond submitting the malicious request, making it reliably triggerable by any valid Kibana account holder. No public exploit or CISA KEV listing identified at time of analysis. | MEDIUM | 6.5 | 0.2% | 33 |
No patch
|
| CVE-2026-56151 | Fleet policy management in Kibana is vulnerable to denial of service through insufficient validation of user-supplied policy inputs. An authenticated Kibana user with Fleet write access can submit a specially crafted Fleet policy input that bypasses server-side validation, rendering Fleet agent management, server operations, and policy configuration unavailable. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the low authentication bar (any valid low-privilege account) and network accessibility make it a meaningful operational risk for organizations relying on Elastic Agent deployments. | MEDIUM | 6.5 | 0.2% | 33 |
No patch
|
| CVE-2026-49090 | Sustained CPU exhaustion in Elasticsearch allows an authenticated low-privilege user to render an affected node unresponsive by submitting a specially crafted bulk request to the _bulk API endpoint. The root cause is CWE-400 (Uncontrolled Resource Consumption), whereby the bulk request processing path fails to bound CPU allocation per request, aligning with CAPEC-130 (Excessive Allocation). No public exploit identified at time of analysis, and no KEV listing exists; however, the low attack complexity and standard network accessibility of the bulk API make this a credible insider or compromised-credential threat in production environments. | MEDIUM | 6.5 | 0.2% | 33 |
No patch
|
| CVE-2026-54323 | Git credential exposure in Daytona's daemon (all versions prior to 0.185.0) allows a network-positioned attacker to silently harvest HTTP Basic Authorization headers by exploiting a complete absence of TLS certificate validation on both the go-git and native git CLI clone code paths. An attacker with man-in-the-middle capability on clone traffic can present any fraudulent TLS certificate, capture the Git credentials supplied for the clone, and simultaneously inject tampered repository content into the execution sandbox - threatening both credential confidentiality and supply-chain integrity of AI-generated code workflows. No public exploit or active exploitation has been identified at time of analysis; a vendor-released fix is available in version 0.185.0. | MEDIUM | 5.9 | 0.1% | 30 |
|
| CVE-2026-56152 | Incorrect Authorization (CWE-863) in Elastic Defend exposes response action data to low-privileged authenticated users who should not have access to it. The flaw, classified under CAPEC-1, arises because access controls on specific functionality are not properly enforced, allowing a user with minimal privileges to read security response action data belonging to other users or roles. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog, but the High confidentiality impact (CVSS C:H) means sensitive endpoint response data - such as isolation actions, process kills, or file retrieval outputs - could be disclosed. | MEDIUM | 5.3 | 0.2% | 27 |
No patch
|
| CVE-2026-46453 | Authorization bypass in Apache Camel's camel-elasticsearch-rest-client component allows unauthenticated remote attackers to override Elasticsearch query operations by injecting HTTP headers. Because the component uses unprefixed header constants ('SEARCH_QUERY', 'OPERATION', 'INDEX_NAME', 'INDEX_SETTINGS', 'ID') that are not blocked by Camel's inbound HttpHeaderFilterStrategy - which filters only 'Camel'-prefixed names - any HTTP client reaching a Camel route that fronts an elasticsearch-rest-client producer can substitute their own query body, operation type, or target index. Practical outcomes include full index enumeration via match_all, targeted document deletion, and field-level data exfiltration. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the attack requires no credentials and is trivially reproducible from the description alone. | MEDIUM | 5.3 | 0.2% | 27 |
|
| CVE-2026-56149 | Elasticsearch's machine learning API contains an unbounded resource allocation flaw that allows an authenticated user with elevated privileges to crash an affected node by submitting a specially crafted ML request over the network. The absence of throttling or quota enforcement on ML request memory consumption (CWE-770) means the node's JVM heap can be exhausted, rendering it unavailable without any confidentiality or integrity exposure. No public exploit code has been identified at the time of analysis, and this vulnerability does not appear in the CISA KEV catalog. | MEDIUM | 4.9 | 0.3% | 25 |
No patch
|