Information Disclosure Vulnerability in Kibana by Elastic
CVE-2026-49088
4.4MEDIUM
What is CVE-2026-49088?
A vulnerability in Kibana allows for the insertion of sensitive information into application log files when application performance monitoring (APM) is enabled. This could lead to unauthorized access to sensitive request header values in the logs, making them potentially accessible to users with log access. Users should be cautious when enabling APM features to avoid unintentional exposure of sensitive data.
Affected Version(s)
Kibana 8.0.0 <= 8.18.8
Kibana 9.1.0 <= 9.1.5
Kibana 9.0.0 <= 9.0.7