Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

Found 96 results / 223Clear Filters
Top products by Elastic: Kibana Elasticsearch Logstash Packetbeat Elastic X-Pack Security Elastic Cloud Enterprise APM Server Beats Elastic Enterprise Search Elastic Agent Elastic Cloud Enterprise (ECE) X-Pack Security Elasticsearch X-Pack Machine Learning Elastic Defend Fleet Server Metricbeat Elastic Cloud on Kubernetes Elastic App Search Filebeat Elastic Endpoint Security Elastic Package Registry Elastic APM Java Agent Elastic APM .NET Agent Elastic Sharepoint Online Python Connector Elasticsearch-Hadoop Enterprise Search Elastic Network Drive Connector Elastic Agent and Elastic Defend Endpoint Elastic Endpoint Security and Elastic Endgame Security
CVE IDTitleCVSSSeverityPublished
CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure — KibanaCWE-918 6.8 Medium2026-04-08
CVE-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — KibanaCWE-400 6.5 Medium2026-04-08
CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — KibanaCWE-863 4.3 Medium2026-04-08
CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — KibanaCWE-863 7.7 High2026-04-08
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope — KibanaCWE-250 7.7 High2026-04-08
CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service — KibanaCWE-1284 6.5 Medium2026-03-19
CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration — KibanaCWE-862 6.5 Medium2026-03-19
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) — KibanaCWE-1336 8.6 High2026-02-26
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — KibanaCWE-400 6.5 Medium2026-02-26
CVE-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service — KibanaCWE-1333 4.9 Medium2026-02-26
CVE-2026-26935 Improper Input Validation in Kibana Leading to Denial of Service — KibanaCWE-20 6.5 Medium2026-02-26
CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service — KibanaCWE-1284 6.5 Medium2026-02-26
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector — KibanaCWE-918 8.6 High2026-01-14
CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation — KibanaCWE-20 6.5 Medium2026-01-13
CVE-2026-0531 Allocation of Resources Without Limits or Throttling in Kibana Fleet — KibanaCWE-770 6.5 Medium2026-01-13
CVE-2026-0530 Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation — KibanaCWE-770 6.5 Medium2026-01-13
CVE-2025-68422 Kibana Improper Authorization — KibanaCWE-863 4.3 Medium2025-12-18
CVE-2025-68386 Kibana Improper Authorization — KibanaCWE-863 4.3 Medium2025-12-18
CVE-2025-68389 Kibana Allocation of Resources Without Limits or Throttling — KibanaCWE-770 6.5 Medium2025-12-18
CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — KibanaCWE-79 6.1 Medium2025-12-18
CVE-2025-68385 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — KibanaCWE-79 7.2 High2025-12-18
CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality — KibanaCWE-79 5.4 Medium2025-12-15
CVE-2025-37734 Kibana Origin Validation Error — KibanaCWE-346 4.3 Medium2025-11-12
CVE-2025-37735 Elastic Defend 安全漏洞 — KibanaCWE-281 7.0 High2025-11-06
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS) — KibanaCWE-79 8.2 High2025-10-10
CVE-2025-25018 Kibana Stored Cross-Site Scripting (XSS) — KibanaCWE-79 8.7 High2025-10-10
CVE-2025-25009 Kibana Cross-Site Scripting (XSS) — KibanaCWE-79 8.7 High2025-10-07
CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector — KibanaCWE-522 5.4 Medium2025-10-07
CVE-2025-25010 Kibana privilege escalation via reporting_user role — KibanaCWE-863 6.5 Medium2025-08-28
CVE-2025-25012 Kibana Open Redirect — KibanaCWE-601 4.3 Medium2025-06-25

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.