CVE-2026-26939Missing Authorization in Kibana

CWE-862Missing AuthorizationCWE-1220Insufficient Granularity of Access Control5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 91.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedMar 19

Description

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDelastic/kibana8.0.08.19.12+2
CVEListV5elastic/kibana9.0.09.2.5+2

🔴Vulnerability Details

2
GHSA
GHSA-x4hf-rw83-jxhf: Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (hos2026-03-19
CVEList
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration2026-03-19

📋Vendor Advisories

1
Red Hat
Kibana: Kibana: Unauthorized system control via missing authorization2026-03-19

🕵️Threat Intelligence

1
Wiz
CVE-2026-26939 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-26939 — Missing Authorization in Elastic | cvebase