The advisories, published on January 14, 2026, affect multiple Kibana versions spanning from 7.x through 9.2.3, necessitating immediate patching across affected deployments.
The most severe flaw, CVE-2026-0532, has a CVSS score of 8.6 and combines external file path control with server-side request forgery.
The vulnerability resides in Kibana’s Google Gemini connector, allowing authenticated attackers with connector management privileges to craft malicious JSON payloads that can steal credentials and sensitive application data.
By exploiting improper validation mechanisms, threat actors can trigger arbitrary network requests and read sensitive files directly from affected systems, potentially exposing configuration files, credentials, and application data stored on vulnerable servers.
This attack vector requires authentication but poses a critical risk for organizations in which connector management permissions are widely distributed.
| CVE ID | CVSS Score | Severity | Vulnerability Type | CWE |
|---|---|---|---|---|
| CVE-2026-0532 | 8.6 | High | SSRF & File Disclosure | CWE-918, CWE-73 |
| CVE-2026-0543 | 6.5 | Medium | Improper Input Validation | CWE-20 |
| CVE-2026-0531 | 6.5 | Medium | Uncontrolled Resource Allocation | CWE-770 |
| CVE-2026-0530 | 6.5 | Medium | Uncontrolled Resource Allocation | CWE-770 |
Three medium-severity vulnerabilities introduce denial-of-service conditions via resource exhaustion mechanisms.
CVE-2026-0530 and CVE-2026-0531 stem from uncontrolled resource allocation in Kibana Fleet, permitting low-privilege viewers to craft specially formatted bulk retrieval requests that trigger redundant database operations.
These operations consume memory until the server crashes, rendering the platform unavailable to legitimate users.
Similarly, CVE-2026-0543 affects the Email Connector, where improper input validation on email address parameters results in excessive resource consumption and complete service unavailability.
The affected vulnerability chain indicates that organizations running unpatched Kibana installations face immediate exploitation risks from both external and internal threat actors.
Elastic recommends urgent upgrades to version 8.19.10, 9.1.10, or 9.2.4, depending on the deployment branch.
For organizations unable to upgrade immediately, Elastic provides limited mitigation options, including disabling specific connector types through the xpack.actions.enabledActionTypes configuration parameter.
Organizations should prioritize patching efforts based on their deployment architecture and exposure level, with particular attention to systems accessible from untrusted networks or shared multi-tenant environments where authenticated users may execute connector operations.
Notably, Elastic Cloud Serverless deployments received patches through continuous deployment models before public disclosure, shielding cloud-native users from exposure.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Elastic Patches Multiple Vulnerabilities Enabling Arbitrary File Theft and DoS Attacks appeared first on Cyber Security News.
The malicious npm package js-logger-pack (versions up to 1.1.27) has evolved, turning Hugging Face into…
The malicious npm package js-logger-pack (versions up to 1.1.27) has evolved, turning Hugging Face into…
The malicious npm package js-logger-pack (versions up to 1.1.27) has evolved, turning Hugging Face into…
Tension: Being indispensable at work doesn’t guarantee meaningful connections outside of it. Noise: We mistake…
Editor’s note: This article was originally written by Justin Brown and has been updated in…
DC Universe chief James Gunn has confirmed that upcoming movie Clayface, which just received its…
This website uses cookies.