CVE-2026-49093
EUVD-2026-3303528.05.2026, 21:16
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| elastic | kibana | 9.3.0 ≤ 𝑥 < 9.3.3 |
𝑥
= Vulnerable software versions