CVE-2026-4818— Some management operations on data streams are not properly restricted when user does not have the necessary privileges
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4818
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Some management operations on data streams are not properly restricted when user does not have the necessary privileges
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Search Guard FLX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Search Guard FLX是德国Search Guard公司的一个加密、认证和授权系统。 Search Guard FLX 3.0.0至4.0.1版本存在安全漏洞,该漏洞源于权限不足的用户可能对数据流执行某些管理操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| floragunn | Search Guard FLX | 3.0.0 ~ 4.0.1 | - |
II. Public POCs for CVE-2026-4818
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4818
请登录查看更多情报信息。
Same Patch Batch · floragunn · 2026-03-31 · 3 CVEs total
| CVE-2026-4819 | 4.9 MEDIUM | Search Guard audit logs can contain under certain conditions user credentials |
| CVE-2026-4799 | 4.3 MEDIUM | Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests |
IV. Related Vulnerabilities
Same product: Search Guard FLX
- CVE-2026-4819
Search Guard audit logs can contain under certain conditions - CVE-2026-4799
Open redirect vulnerability in Search Guard Kibana Plugin vi - CVE-2025-13653
Unauthorized access to documents in data streams with specia - CVE-2025-12149
Unauthorized access to documents protected by Document-Level - CVE-2025-12148
Unauthorized access to fields protected by Field Masking (FM
Same vendor: floragunn
- CVE-2026-4819
Search Guard audit logs can contain under certain conditions - CVE-2026-4799
Open redirect vulnerability in Search Guard Kibana Plugin vi - CVE-2025-13653
Unauthorized access to documents in data streams with specia - CVE-2025-12149
Unauthorized access to documents protected by Document-Level - CVE-2025-12148
Unauthorized access to fields protected by Field Masking (FM
Same weakness: CWE-285
- CVE-2026-8241
Industrial Application Software IAS Canias ERP RMI iasGetSer - CVE-2026-42202
nova-toggle-5: Improper authorization on toggle endpoint all - CVE-2026-33823
Microsoft Team Events Portal Information Disclosure Vulnerab - CVE-2026-41572
Note Mark: Unauthenticated read of notes and assets in soft- - CVE-2026-7713
crocodilestick Calibre-Web-Automated Kobo auth-token Route k
V. Comments for CVE-2026-4818
No comments yet