Skip to main content

Elastic

Vendor security scorecard – 59 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 108
59
CVEs
3
Critical
14
High
0
KEV
2
PoC
9
Unpatched C/H
37.3%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
3
HIGH
14
MEDIUM
40
LOW
2

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-54350 {$exists:true}`) that override the builder's intended filter, returning or altering every document in a MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or JSON-body REST collection. A detailed working POC is published in the advisory; the issue is not in CISA KEV and EPSS is low (0.43%, 34th percentile), so this is publicly demonstrated but not yet confirmed as actively exploited. CRITICAL 9.8 0.4% 49
CVE-2026-31215 {index_name}/documents endpoint. The backend service fails to authenticate requests or validate the path_or_url parameter, enabling mass data destruction and denial of service. EPSS probability (0.12%) indicates low predicted exploitation likelihood, and no active exploitation or public exploit code has been identified at time of analysis, though the CVSS 9.1 reflects the severe impact of unauthenticated remote data deletion. CRITICAL 9.1 0.1% 46
No patch
CVE-2026-47835 NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers to inject special characters into vector-store inputs and force execution of arbitrary queries against Elasticsearch, OpenSearch, and GemFire VectorDB backends. The flaw resides in the spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfire-store components, enabling information disclosure and limited integrity/availability impact against any application embedding Spring AI's vector-store abstraction. No public exploit identified at time of analysis, but the CVSS 8.6 (scope unchanged here, network vector, no privileges) makes this a high-priority patch for any Spring AI deployment ingesting untrusted text. HIGH 8.6 0.5% 43
CVE-2026-54008 Server-side request forgery in Open WebUI versions 0.9.5 and earlier allows authenticated OAuth users to read arbitrary internal HTTP responses by abusing the `_process_picture_url` function in `backend/open_webui/utils/oauth.py`, which validates only the initial URL and then permits aiohttp's default 10-redirect follow chain to reach internal addresses. The decoded response body is stored in the attacker's `profile_image_url` and retrievable via `GET /api/v1/auths/`, yielding cloud metadata credentials and access to localhost-bound services. Publicly available exploit code exists (detailed sentinel-verified PoC supplied by the reporter); no public exploit identified at time of analysis in the form of weaponized tooling, and the CVE is not on the CISA KEV list. HIGH 8.5 0.2% 43
CVE-2026-54320 Authentication bypass in Daytona prior to 0.184.0 allows attackers to join organizations via pending invitations using unverified email addresses. The invitation accept and decline paths failed to enforce email verification (unlike organization creation), so on OIDC identity providers permitting self-service signup with pre-verification sessions, an attacker registering an email matching a pending invite can claim it and inherit the assigned role - up to Owner. No public exploit identified at time of analysis, but the path to full Owner-level organization takeover makes this a high-priority fix. HIGH 8.4 0.2% 42
CVE-2026-49091 Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV. HIGH 8.0 0.2% 40
No patch
CVE-2026-28261 Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments. HIGH 7.8 0.0% 39
CVE-2026-33461 Authorization bypass in Elastic Kibana allows authenticated users with limited Fleet privileges to retrieve sensitive configuration data including private keys and authentication tokens through an internal API endpoint. The vulnerability affects network-accessible instances and bypasses intended privilege boundaries by returning full configuration objects without proper authorization checks. CVSS score of 7.7 reflects high confidentiality impact with scope change. No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated users. HIGH 7.7 0.1% 39
No patch
CVE-2026-4498 Authenticated Kibana users with Fleet management privileges can read Elasticsearch index data beyond their intended RBAC permissions through debug route handlers in the Fleet plugin. This scope bypass affects Elastic Kibana deployments where users hold Fleet sub-feature privileges (agent policies, settings management). The vulnerability requires low-privilege authentication (PR:L) and has network attack vector (AV:N) with low complexity (AC:L), enabling cross-scope data confidentiality breach (S:C/C:H). No public exploit identified at time of analysis. EPSS data not available, but the specific privilege escalation vector and remote exploitability warrant prioritization in Kibana Fleet deployments. HIGH 7.7 0.0% 39
No patch
CVE-2026-34936 Server-Side Request Forgery in PraisonAI's passthrough API allows authenticated remote attackers to access internal cloud metadata services and private network resources. The vulnerability affects the praisonai Python package where the passthrough() and apassthrough() functions accept unvalidated caller-controlled api_base parameters that are directly concatenated and passed to httpx requests. With default AUTH_ENABLED=False configuration, this is remotely exploitable to retrieve EC2 IAM credent HIGH 7.7 0.0% 39
CVE-2026-45338 Server-Side Request Forgery (SSRF) in Open WebUI versions ≤0.8.12 allows authenticated users with OAuth access to force the server to make HTTP requests to arbitrary internal resources and exfiltrate complete response data. Exploitation requires OAuth-enabled deployments with ENABLE_OAUTH_SIGNUP=true or OAUTH_UPDATE_PICTURE_ON_LOGIN=true. An attacker controls the OAuth provider's 'picture' claim URL, triggering server-side HTTP requests to cloud metadata services (AWS IMDS), localhost services (Redis, Elasticsearch), or internal network endpoints. The full response is base64-encoded and stored in the user's profile_image_url field, enabling complete data exfiltration. Fixed in version 0.9.0 per GitHub advisory GHSA-24c9-2m8q-qhmh. EPSS data not available; no CISA KEV listing indicates limited widespread exploitation, though publicly available proof-of-concept exists in the GitHub advisory. HIGH 7.7 0.0% 39
CVE-2026-42398 Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypass operator-configured egress allowlists by crafting a Webhook connector with an arbitrary target. The flaw enables Kibana to issue outbound HTTP requests to internal or otherwise restricted destinations, exposing sensitive data accessible from the Kibana host. No public exploit identified at time of analysis, and the vulnerability is not present on the CISA KEV list. HIGH 7.7 0.0% 39
No patch
CVE-2026-46487 Authorization bypass and information disclosure in GeoNetwork 4.x (4.0.0-alpha.1 through 4.4.10) lets an unauthenticated remote user retrieve restricted metadata records through the Elasticsearch-backed search API. Under certain request conditions the proxy layer skips the step that injects GeoNetwork's access-control filters, so requests reach the index without group-visibility, ownership, draft-exclusion, or portal filtering applied. There is no public exploit identified at time of analysis, but the flaw is unauthenticated and network-reachable on any public-facing instance, making disclosure of non-public catalog records trivial once the triggering condition is known. HIGH 7.5 &ndash; 38
CVE-2026-15746 Server-side request forgery in the strands-agents-tools elasticsearch_memory tool enables prompt-injection attacks that exfiltrate the operator's Elasticsearch API key to attacker-controlled infrastructure. Applications using strands-agents-tools prior to 0.7.0 that rely on the ELASTICSEARCH_API_KEY environment-variable fallback - rather than explicitly passing api_key - are exposed to credential theft when an attacker can influence LLM input. No public exploit code or CISA KEV listing has been identified at time of analysis, but the prompt-injection-to-SSRF primitive is well understood in the AI agent security community and the credential-theft impact warrants prompt remediation. MEDIUM 6.9 &ndash; 34
CVE-2026-32812 An unauthenticated Server-Side Request Forgery (SSRF) and Local File Read vulnerability exists in the Admidio SSO metadata fetch endpoint, which accepts arbitrary URLs via GET parameter and passes them directly to file_get_contents() after validating only with PHP's FILTER_VALIDATE_URL-a format checker that does not block dangerous URI schemes. An authenticated administrator can exploit this to read arbitrary local files (including database credentials from config.php), probe internal network services, or fetch cloud instance metadata (such as AWS IAM credentials from 169.254.169.254). A proof-of-concept demonstrating all attack vectors has been published; CVSS 6.8 reflects high confidentiality impact but is mitigated by the requirement for administrator privileges. MEDIUM 6.8 0.0% 34

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy