Elastic Products Hit by Multiple Vulnerabilities Allowing Remote Code Execution

Elastic has announced several critical vulnerabilities in its Kibana and Logstash products. The issues are outlined in six security bulletins published on 8 April 2026 (IDs 385811–385816). They enable attackers to execute arbitrary code remotely, compromise data confidentiality and integrity, bypass security policies, cause remote denial-of-service, and otherwise disrupt services.

Affected releases include Kibana 8.x before 8.9.14, 9.3.x before 9.3.3, and 9.x before 9.2.8; and Logstash 8.x before 8.9.13, 9.3.x before 9.3.3, and 9.x before 9.2.8. The advisory references CVE-2015-4152 and CVE-2026-33458 through CVE-2026-4498.

The advisory urges organizations using affected versions to review the security update documentation on Elastic's discussion platform and apply the vendor-issued patches listed in the bulletins without delay.

Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.