28
CVEs
2
Critical
9
High
0
KEV
2
PoC
8
Unpatched C/H
39.3%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
9
MEDIUM
16
LOW
1
Monthly CVE Trend
Affected Products (14)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-25014 | A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic. | CRITICAL | 9.1 | 2.5% | 48 |
|
| CVE-2026-5417 | Server-side request forgery (SSRF) in Dataease SQLBot up to version 1.6.0 allows high-privileged remote attackers to manipulate the 'address' argument in the Elasticsearch Handler component (get_es_data_by_http function), enabling unauthorized HTTP requests to internal or external systems. The vulnerability has publicly available exploit code and vendor-released patch version 1.7.0 addresses the issue. | MEDIUM | 5.1 | 0.0% | 46 |
PoC
|
| CVE-2025-32777 | Volcano is a Kubernetes-native batch scheduling system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available. | HIGH | 8.2 | 0.7% | 42 |
|
| CVE-2026-28261 | Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-34936 | Server-Side Request Forgery in PraisonAI's passthrough API allows authenticated remote attackers to access internal cloud metadata services and private network resources. The vulnerability affects the praisonai Python package where the passthrough() and apassthrough() functions accept unvalidated caller-controlled api_base parameters that are directly concatenated and passed to httpx requests. With default AUTH_ENABLED=False configuration, this is remotely exploitable to retrieve EC2 IAM credentials via IMDSv1 (169.254.169.254) or reach internal services like Redis, Elasticsearch, and Kubernetes APIs within cloud VPCs. Public exploit code exists demonstrating localhost and metadata service access. EPSS data not available, not listed in CISA KEV. | HIGH | 7.7 | 0.0% | 39 |
|
| CVE-2026-33461 | Authorization bypass in Elastic Kibana allows authenticated users with limited Fleet privileges to retrieve sensitive configuration data including private keys and authentication tokens through an internal API endpoint. The vulnerability affects network-accessible instances and bypasses intended privilege boundaries by returning full configuration objects without proper authorization checks. CVSS score of 7.7 reflects high confidentiality impact with scope change. No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated users. | HIGH | 7.7 | 0.1% | 38 |
No patch
|
| CVE-2026-4498 | Authenticated Kibana users with Fleet management privileges can read Elasticsearch index data beyond their intended RBAC permissions through debug route handlers in the Fleet plugin. This scope bypass affects Elastic Kibana deployments where users hold Fleet sub-feature privileges (agent policies, settings management). The vulnerability requires low-privilege authentication (PR:L) and has network attack vector (AV:N) with low complexity (AC:L), enabling cross-scope data confidentiality breach (S:C/C:H). No public exploit identified at time of analysis. EPSS data not available, but the specific privilege escalation vector and remote exploitability warrant prioritization in Kibana Fleet deployments. | HIGH | 7.7 | 0.0% | 38 |
No patch
|
| CVE-2024-43706 | CVE-2024-43706 is an improper authorization vulnerability in Kibana's Synthetic monitor endpoint that allows authenticated users to escalate privileges through direct HTTP requests. Attackers with low-level credentials can bypass access controls to perform unauthorized actions on synthetic monitoring functionality, potentially affecting confidentiality, integrity, and availability. While the CVSS 7.6 score indicates significant risk, real-world impact depends on deployment context and whether this vulnerability is actively exploited in the wild. | HIGH | 7.6 | 0.1% | 38 |
No patch
|
| CVE-2026-32812 | An unauthenticated Server-Side Request Forgery (SSRF) and Local File Read vulnerability exists in the Admidio SSO metadata fetch endpoint, which accepts arbitrary URLs via GET parameter and passes them directly to file_get_contents() after validating only with PHP's FILTER_VALIDATE_URL-a format checker that does not block dangerous URI schemes. An authenticated administrator can exploit this to read arbitrary local files (including database credentials from config.php), probe internal network services, or fetch cloud instance metadata (such as AWS IAM credentials from 169.254.169.254). A proof-of-concept demonstrating all attack vectors has been published; CVSS 6.8 reflects high confidentiality impact but is mitigated by the requirement for administrator privileges. | MEDIUM | 6.8 | 0.0% | 34 |
|
| CVE-2024-52979 | Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. | MEDIUM | 6.5 | 0.2% | 33 |
|
| CVE-2026-26940 | A Denial of Service vulnerability exists in Kibana's Timelion visualization plugin that allows authenticated users to trigger excessive memory allocation through improper validation of specially crafted Timelion expressions. An attacker with valid Kibana credentials can overwrite internal series data properties with excessively large quantity values, causing the application to exhaust system resources and become unavailable. This is a network-accessible vulnerability requiring low privileges with a CVSS score of 6.5 and documented as a confirmed denial-of-service attack vector affecting multiple active Kibana versions. | MEDIUM | 6.5 | 0.0% | 33 |
No patch
|
| CVE-2026-26939 | Kibana's Detection Rule Management lacks proper authorization controls, allowing authenticated users with rule management privileges to configure unauthorized endpoint response actions including host isolation and process termination. An attacker with these privileges could exploit this missing access control to execute sensitive endpoint operations beyond their intended scope. No patch is currently available for this medium-severity vulnerability affecting Elastic products. | MEDIUM | 6.5 | 0.0% | 33 |
No patch
|
| CVE-2026-33459 | Denial of service in Kibana's automatic import feature allows authenticated users to trigger uncontrolled resource consumption by submitting specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, backend services become unstable, resulting in service disruption across all users. CVSS 6.5 (medium severity) reflects the authenticated attack requirement and high availability impact without confidentiality or integrity compromise. | MEDIUM | 6.5 | 0.0% | 32 |
No patch
|
| CVE-2026-33458 | Server-Side Request Forgery in Kibana One Workflow allows authenticated users with workflow privileges to bypass host allowlist restrictions in the Workflows Execution Engine, enabling unauthorized access to sensitive internal endpoints and data disclosure. Affects Kibana versions 9.3.0 through 9.3.2. No public exploit code or active exploitation has been confirmed at time of analysis. | MEDIUM | 6.3 | 0.0% | 32 |
No patch
|
| CVE-2024-11390 | Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server. | MEDIUM | 5.4 | 0.3% | 27 |
|