CVE-2026-26939

MEDIUM EPSS 7.2%

Published Mar 19, 20263mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Mar 19, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality None

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

7.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 3

Vendor	Product	Version	Range
elastic	kibana	*	≥8.0.0 – <8.19.12
elastic	kibana	*	≥9.0.0 – <9.2.6
elastic	kibana	9.3.0	any

References 1

discuss.elastic.co https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.