Vulnerability Key Information Summary

Vulnerability Overview

Name: Server-Side Request Forgery (SSRF) in Kibana One Workflow
Type: CWE-918 - Server-Side Request Forgery (SSRF)
Description: An SSRF vulnerability exists in Kibana One Workflow. Authenticated users with permissions to create and execute workflows can bypass host whitelist restrictions within the workflow execution engine, potentially exposing sensitive internal endpoints and data and leading to information disclosure.
CVE ID: CVE-2026-33458
Severity: CVSSv3.1: Medium (6.8)

Scope of Impact

Affected Versions: Kibana 9.x series, specifically all versions from 9.3.0 to 9.3.2 (inclusive).
Affected Configurations: Deployments running Kibana 9.3.x with the Workflows Execution Engine enabled.
Exploitation Conditions: Requires the attacker to possess authenticated credentials and to have permissions to create and execute workflows.
Elastic Cloud Serverless: Because of its continuous deployment and patching model, this vulnerability was already remediated in Elastic Cloud Serverless products prior to public disclosure.

Remediation and Mitigation

Fixed Versions: This issue has been resolved in version 9.3.3.

Indicators of Compromise (IoC) / Monitoring Recommendations:
- Monitor workflow execution logs for HTTP step executions that result in redirect responses, particularly those whose redirect target is an internal host not on the whitelist.
- Review Kibana audit logs, focusing on HTTP step execution activity that exhibits redirect-following behavior.
- Monitor network logs for outbound connections initiated by Kibana to unexpected internal hosts.
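The monitoring recommendations above describe the detection idea (HTTP workflow steps that receive a redirect pointing at a host outside the whitelist) without showing how to apply it to log data. The following is an added example, not code from Elastic or from this advisory. It assumes a constructed JSON log shape (fields such as step_type, response_status and redirect_location) that is an assumption for illustration and does not reflect Kibana's actual workflow log schema, and a hypothetical whitelist ALLOWED_HOSTS. It flags a redirect as suspicious when the redirect target is a private, loopback or link-local IP address, or a hostname that is not on the whitelist; relative redirects (no host) are treated as staying on the original host.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Hypothetical host whitelist for workflow HTTP steps (assumption, not Kibana configuration).
ALLOWED_HOSTS = {"api.example.com", "hooks.example.com"}

# Constructed sample workflow-execution log lines. The field names are an assumption
# for this example; they are not Kibana's real log schema.
SAMPLE_LOGS = [
    '{"workflow_id":"wf-1","step_type":"http","user":"alice",'
    '"request_url":"https://api.example.com/v1/items","response_status":200}',
    '{"workflow_id":"wf-2","step_type":"http","user":"bob",'
    '"request_url":"https://api.example.com/r","response_status":302,'
    '"redirect_location":"http://10.0.0.5/admin"}',
    '{"workflow_id":"wf-3","step_type":"http","user":"bob",'
    '"request_url":"https://hooks.example.com/x","response_status":301,'
    '"redirect_location":"https://hooks.example.com/y"}',
    '{"workflow_id":"wf-4","step_type":"http","user":"carol",'
    '"request_url":"https://api.example.com/z","response_status":307,'
    '"redirect_location":"http://internal-es:9200/_cat/indices"}',
    '{"workflow_id":"wf-5","step_type":"wait","user":"carol"}',
    'this line is not JSON and must be skipped',
]


def classify_redirect_target(host, allowed_hosts):
    """Return a reason string if the redirect target looks suspicious, else None."""
    if not host:
        # Relative redirect: stays on the already-whitelisted origin host.
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal IP: a hostname can only be judged against the whitelist here,
        # since this offline example does not resolve names.
        return None if host in allowed_hosts else "host not on whitelist"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "redirect to private/loopback/link-local address"
    return None if host in allowed_hosts else "IP not on whitelist"


def find_suspicious_redirects(lines, allowed_hosts=ALLOWED_HOSTS):
    """Scan workflow log lines and report HTTP steps whose redirect target is off-whitelist."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than abort the whole scan
        if event.get("step_type") != "http":
            continue
        status = event.get("response_status")
        if not isinstance(status, int) or not 300 <= status < 400:
            continue  # only redirect responses are of interest
        target_host = urlparse(event.get("redirect_location") or "").hostname or ""
        reason = classify_redirect_target(target_host, allowed_hosts)
        if reason:
            findings.append({
                "workflow_id": event.get("workflow_id"),
                "user": event.get("user"),
                "status": status,
                "target_host": target_host,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_redirects(SAMPLE_LOGS):
        print(finding)
```

Running the script on the constructed lines reports wf-2 (redirect to a private address) and wf-4 (redirect to a hostname not on the whitelist) and ignores the on-whitelist redirect, the non-redirect response, the non-HTTP step and the malformed line. In a real deployment the field names would be mapped to whatever the workflow execution logs actually emit, and hostname targets would additionally be resolved and checked against internal address ranges.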