Multiple Vulnerabilities Identified in Elastic Kibana

The French cyber security agency has issued an alert that multiple security vulnerabilities have been found in Elastic Kibana. The issues can lead to data integrity loss, data confidentiality breaches, security policy circumvention, remote denial-of-service, server-side request forgery, remote cross-site scripting, and privilege escalation.

The affected releases are Kibana 8.x prior to 8.19.16, 9.4.x prior to 9.4.2, and 9.x prior to 9.3.5. The agency recommends applying the vendor's security patches, as detailed in the Elastic security bulletins linked in the alert.

The vulnerabilities are catalogued under CVE-2026-33462, CVE-2026-33463, CVE-2026-33464, CVE-2026-42398, CVE-2026-42399, CVE-2026-42400, CVE-2026-42401, CVE-2026-49093, CVE-2026-49094, and CVE-2026-49095. Attackers could exploit them to gain unauthorized access to Kibana dashboards or to disrupt service. Users are advised to verify their current Kibana version and apply the latest patch from Elastic as soon as possible.
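One way to carry out the version check across several instances, as an added example that is not part of the alert or of Elastic's bulletins. It assumes each body was saved from Kibana's `/api/status` endpoint (which reports `version.number`) and reads "9.x prior to 9.3.5" as covering the 9.0 to 9.3 branches; the host names and sample bodies are constructed.

```python
import json
import re

# Affected ranges as stated in the alert: (major, minor or None for any minor, first fixed release).
# The 9.4.x rule is listed first so it is matched before the generic 9.x rule.
AFFECTED = [
    (9, 4, (9, 4, 2)),
    (9, None, (9, 3, 5)),
    (8, None, (8, 19, 16)),
]

def parse_version(text):
    """Return (major, minor, patch); a suffix such as -SNAPSHOT is ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def fixed_in(version):
    """Return the first fixed release if `version` is in an affected range, else None."""
    v = parse_version(version)
    for major, minor, fix in AFFECTED:
        if v[0] == major and (minor is None or v[1] == minor):
            return ".".join(map(str, fix)) if v < fix else None
    return None  # branch is not listed in the alert (e.g. 7.x)

def audit(status_documents):
    """Map host -> (reported version, required upgrade or None)."""
    report = {}
    for host, body in status_documents.items():
        number = json.loads(body)["version"]["number"]
        report[host] = (number, fixed_in(number))
    return report

# Constructed sample inventory: hypothetical hosts with trimmed status bodies.
SAMPLE = {
    "kibana-a.example.internal": '{"version": {"number": "8.19.15"}}',
    "kibana-b.example.internal": '{"version": {"number": "9.4.1"}}',
    "kibana-c.example.internal": '{"version": {"number": "9.3.5"}}',
    "kibana-d.example.internal": '{"version": {"number": "9.2.0-SNAPSHOT"}}',
}

if __name__ == "__main__":
    for host, (number, fix) in audit(SAMPLE).items():
        print(f"{host}: {number} -> " + (f"upgrade to {fix} or later" if fix else "not in an affected range"))
```

A result of `None` only means the version falls outside the ranges named in the alert; branches the alert does not mention still need checking against Elastic's own bulletins.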
