CVE-2026-0532Server-Side Request Forgery in Kibana

CWE-918Server-Side Request Forgery5 documents5 sources
Severity
8.6HIGHNVD
EPSS
0.0%
top 86.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedJan 14

Description

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

CVEListV5elastic/kibana8.15.08.19.9+2

🔴Vulnerability Details

2
GHSA
GHSA-pgjq-pwjv-wjpx: External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file discl2026-01-14
CVEList
External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector2026-01-14

📋Vendor Advisories

1
Red Hat
Kibana: Kibana: Arbitrary file disclosure via specially crafted connector configuration2026-01-14

🕵️Threat Intelligence

1
Wiz
CVE-2026-0532 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0532 — Server-Side Request Forgery in Elastic | cvebase