CVE-2026-33463
EUVD-2026-3301128.05.2026, 20:16
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| elastic | kibana | 8.0.0 ≤ 𝑥 < 8.19.16 |
| elastic | kibana | 9.0.0 ≤ 𝑥 < 9.3.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration