Improper Output Neutralization Vulnerability in Kibana by Elastic
CVE-2026-49091
8HIGH
What is CVE-2026-49091?
An improper output neutralization vulnerability in Kibana allows attackers to inject malicious content into log files. By supplying specially crafted input, an attacker can manipulate log entries that may be viewed in terminals interpreting control sequences. This log injection can compromise the integrity of log data, leading to potential tampering and forgery of logs, ultimately affecting audit trails and security monitoring.
Affected Version(s)
Kibana 8.0.0 <= 8.11.0
Kibana 7.0.0 <= 7.17.14