{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/kibana-8.x/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-42398"},{"cvss":6.3,"id":"CVE-2026-49093"},{"cvss":5.3,"id":"CVE-2026-33463"},{"cvss":6.5,"id":"CVE-2026-42399"},{"cvss":6.5,"id":"CVE-2026-49095"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Kibana (8.x)","Kibana (9.x)","Kibana"],"_cs_severities":["high"],"_cs_tags":["kibana","vulnerability","privilege escalation","denial of service","data breach","SSRF","XSS"],"_cs_type":"advisory","_cs_vendors":["Elastic"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Elastic Kibana, potentially leading to significant security risks. The vulnerabilities can allow an attacker to perform actions such as privilege escalation, remote denial of service (DoS), data breaches, server-side request forgery (SSRF), and cross-site scripting (XSS). These flaws affect Kibana versions 8.x prior to 8.19.16, versions 9.x prior to 9.3.5, and versions 9.4.x prior to 9.4.2. Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized access, disrupt services, or steal sensitive information. 
Elastic published security bulletins on May 28, 2026, addressing these issues and providing guidance for patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Kibana instance running a version prior to 8.19.16, 9.3.5, or 9.4.2.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits CVE-2026-42398 (or another applicable vulnerability) to perform an SSRF attack.\u003c/li\u003e\n\u003cli\u003eUsing the SSRF vulnerability, the attacker bypasses security policies.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits CVE-2026-49093 (or another applicable vulnerability) to inject malicious JavaScript code via XSS.\u003c/li\u003e\n\u003cli\u003eA legitimate user interacts with the compromised Kibana interface, triggering the XSS payload.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript steals the user\u0026rsquo;s session cookies or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to elevate their privileges within the Kibana application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data or disrupts Kibana services, leading to a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to significant damage. An attacker could gain unauthorized access to sensitive data, leading to data breaches and compliance violations. Remote denial-of-service attacks could disrupt critical services and impact business operations. Privilege escalation could allow attackers to gain full control over the Kibana instance, potentially compromising the entire Elastic Stack environment. 
These vulnerabilities impact Kibana versions 8.x before 8.19.16, 9.x before 9.3.5, and 9.4.x before 9.4.2.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Kibana to version 8.19.16, 9.3.5, or 9.4.2 or later to patch the vulnerabilities mentioned in Elastic\u0026rsquo;s security bulletins (Elastic security bulletins 386545, 386548, 386551, 386552, 386554, 386556, 386557, 386559, 386561, 386562).\u003c/li\u003e\n\u003cli\u003eDeploy web application firewall (WAF) rules to detect and block exploitation attempts targeting the vulnerabilities, specifically focusing on SSRF and XSS payloads.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual requests or attempts to access sensitive endpoints, to identify potential exploitation attempts (webserver category).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to detect potential exploitation attempts in your SIEM environment and tune them for your specific environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T14:40:44Z","date_published":"2026-05-29T14:40:44Z","id":"https://feed.craftedsignal.io/briefs/2026-05-elastic-kibana-vulns/","summary":"Multiple vulnerabilities in Elastic Kibana allow for privilege escalation, remote denial of service, data breach, server-side request forgery (SSRF), and cross-site scripting (XSS).","title":"Multiple Vulnerabilities in Elastic Kibana","url":"https://feed.craftedsignal.io/briefs/2026-05-elastic-kibana-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Kibana (8.x)","version":"https://jsonfeed.org/version/1.1"}