Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Elastic — Vulnerabilities & Security Advisories 222

Browse all 222 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Elastic:KibanaElasticsearchLogstashPacketbeatElastic X-Pack SecurityElastic Cloud EnterpriseAPM ServerElastic AgentX-Pack SecurityBeatsElastic Cloud Enterprise (ECE)Elastic Enterprise SearchElastic DefendMetricbeatFleet ServerFilebeatElastic Endpoint SecurityElastic Cloud on KubernetesElastic App SearchElasticsearch X-Pack Machine LearningElasticsearch X-Pack SecurityElastic Agent and Elastic DefendKibana X-Pack SecurityElastic X-Pack ReportingElastic Network Drive ConnectorElastic X-Pack AlertingEnterprise SearchElasticsearch-HadoopElastic Sharepoint Online Python ConnectorElastic APM Java Agent
CVE IDTitleCVSSSeverityPaused
CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write — LogstashCWE-22 8.1 High2026-04-08
CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure — KibanaCWE-918 6.8 Medium2026-04-08
CVE-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — KibanaCWE-400 6.5 Medium2026-04-08
CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — KibanaCWE-863 4.3 Medium2026-04-08
CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — KibanaCWE-863 7.7 High2026-04-08
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope — KibanaCWE-250 7.7 High2026-04-08
CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service — KibanaCWE-1284 6.5 Medium2026-03-19
CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration — KibanaCWE-862 6.5 Medium2026-03-19
CVE-2026-26933 Improper Validation of Array Index in Packetbeat Leading to Denial of Service — PacketbeatCWE-129 5.7 Medium2026-03-19
CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service — MetricbeatCWE-789 5.7 Medium2026-03-19
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) — KibanaCWE-1336 8.6 High2026-02-26
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — KibanaCWE-400 6.5 Medium2026-02-26
CVE-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service — KibanaCWE-1333 4.9 Medium2026-02-26
CVE-2026-26935 Improper Input Validation in Kibana Leading to Denial of Service — KibanaCWE-20 6.5 Medium2026-02-26
CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service — KibanaCWE-1284 6.5 Medium2026-02-26
CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service — PacketbeatCWE-129 5.7 Medium2026-02-26
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector — KibanaCWE-918 8.6 High2026-01-14
CVE-2026-0529 Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers — PacketbeatCWE-129 6.5 Medium2026-01-14
CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation — KibanaCWE-20 6.5 Medium2026-01-13
CVE-2026-0531 Allocation of Resources Without Limits or Throttling in Kibana Fleet — KibanaCWE-770 6.5 Medium2026-01-13
CVE-2026-0530 Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation — KibanaCWE-770 6.5 Medium2026-01-13
CVE-2026-0528 Improper Input Validation in Metricbeat Leading to Denial of Service — MetricbeatCWE-129 6.5 Medium2026-01-13
CVE-2025-68422 Kibana Improper Authorization — KibanaCWE-863 4.3 Medium2025-12-18
CVE-2025-68386 Kibana Improper Authorization — KibanaCWE-863 4.3 Medium2025-12-18
CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling — ElasticsearchCWE-770 4.9 Medium2025-12-18
CVE-2025-68389 Kibana Allocation of Resources Without Limits or Throttling — KibanaCWE-770 6.5 Medium2025-12-18
CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — KibanaCWE-79 6.1 Medium2025-12-18
CVE-2025-68385 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — KibanaCWE-79 7.2 High2025-12-18
CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling — ElasticsearchCWE-770 6.5 Medium2025-12-18
CVE-2025-68383 Filebeat Improper Validation of Specified Index, Position, or Offset in Input — FilebeatCWE-1284 6.5 Medium2025-12-18

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.