The advisories, published on January 14, 2026, affect multiple Kibana versions spanning from 7.x through 9.2.3, necessitating immediate patching across affected deployments.
The most severe flaw, CVE-2026-0532, has a CVSS score of 8.6 and combines external file path control with server-side request forgery.
The vulnerability resides in Kibana’s Google Gemini connector, allowing authenticated attackers with connector management privileges to craft malicious JSON payloads that can steal credentials and sensitive application data.
By exploiting improper validation mechanisms, threat actors can trigger arbitrary network requests and read sensitive files directly from affected systems, potentially exposing configuration files, credentials, and application data stored on vulnerable servers.
This attack vector requires authentication but poses a critical risk for organizations in which connector management permissions are widely distributed.
| CVE ID | CVSS Score | Severity | Vulnerability Type | CWE |
|---|---|---|---|---|
| CVE-2026-0532 | 8.6 | High | SSRF & File Disclosure | CWE-918, CWE-73 |
| CVE-2026-0543 | 6.5 | Medium | Improper Input Validation | CWE-20 |
| CVE-2026-0531 | 6.5 | Medium | Uncontrolled Resource Allocation | CWE-770 |
| CVE-2026-0530 | 6.5 | Medium | Uncontrolled Resource Allocation | CWE-770 |
Three medium-severity vulnerabilities introduce denial-of-service conditions via resource exhaustion mechanisms.
CVE-2026-0530 and CVE-2026-0531 stem from uncontrolled resource allocation in Kibana Fleet, permitting low-privilege viewers to craft specially formatted bulk retrieval requests that trigger redundant database operations.
These operations consume memory until the server crashes, rendering the platform unavailable to legitimate users.
Similarly, CVE-2026-0543 affects the Email Connector, where improper input validation on email address parameters results in excessive resource consumption and complete service unavailability.
The affected vulnerability chain indicates that organizations running unpatched Kibana installations face immediate exploitation risks from both external and internal threat actors.
Elastic recommends urgent upgrades to version 8.19.10, 9.1.10, or 9.2.4, depending on the deployment branch.
For organizations unable to upgrade immediately, Elastic provides limited mitigation options, including disabling specific connector types through the xpack.actions.enabledActionTypes configuration parameter.
Organizations should prioritize patching efforts based on their deployment architecture and exposure level, with particular attention to systems accessible from untrusted networks or shared multi-tenant environments where authenticated users may execute connector operations.
Notably, Elastic Cloud Serverless deployments received patches through continuous deployment models before public disclosure, shielding cloud-native users from exposure.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Elastic Patches Multiple Vulnerabilities Enabling Arbitrary File Theft and DoS Attacks appeared first on Cyber Security News.
Medical technology giant Stryker Corporation confirmed on March 11, 2026, that it suffered a significant…
GREELEY, Colo. (AP) — Thousands of workers for the world’s largest meatpacking company began a…
One of the state’s most unusual colleges, the aviation-heavy Daniel Webster College that lasted next…
Curled wood shavings sprinkled across Jim McLaughlin’s workspace, filling the cabin connected to the garage…
For more than 150 years, a small band of Loudon property owners who live along…
A Warner man was arrested on Saturday after crashing into a highway sign for the…
This website uses cookies.