Improper Output Neutralization Vulnerability in Kibana by Elastic
CVE-2026-49091

8HIGH

Key Information:

Vendor

Elastic

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-49091?

An improper output neutralization vulnerability in Kibana allows attackers to inject malicious content into log files. By supplying specially crafted input, an attacker can manipulate log entries that may be viewed in terminals interpreting control sequences. This log injection can compromise the integrity of log data, leading to potential tampering and forgery of logs, ultimately affecting audit trails and security monitoring.

Affected Version(s)

Kibana 8.0.0 <= 8.11.0

Kibana 7.0.0 <= 7.17.14

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.