Information Disclosure Vulnerability in Kibana by Elastic
CVE-2026-49088

4.4 MEDIUM

Key Information:

Vendor: Elastic

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-49088?

A vulnerability in Kibana causes sensitive information to be written into application log files when application performance monitoring (APM) is enabled. Sensitive request header values recorded in the logs could then be read by users who have log access but are not authorized to see those values. Users should be cautious when enabling APM features to avoid unintentional exposure of sensitive data.

Affected Version(s)

Kibana 8.0.0 <= 8.18.8

Kibana 9.1.0 <= 9.1.5

Kibana 9.0.0 <= 9.0.7

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
