Multiple Elastic Vulnerabilities Could Lead to File Theft and DoS

GBHackers On Security • January 14, 2026

Companies Mentioned

  • Elastic (ESTC)
  • Google (GOOG)

Why It Matters

Unpatched Kibana installations risk credential theft and service outages, jeopardizing enterprise security and availability. Prompt remediation is essential for organizations operating on‑premises or in multi‑tenant cloud environments.

Key Takeaways

  • CVE‑2026‑0532 enables file theft via SSRF.
  • Four Kibana vulnerabilities affect versions 7.x‑9.2.3.
  • Patches released for 8.19.10, 9.1.10, 9.2.4.
  • DoS can be triggered by low‑privilege viewers.
  • Cloud‑native deployments patched automatically before disclosure.

Pulse Analysis

Elastic’s Kibana platform is a cornerstone of many observability stacks, providing visual dashboards and data exploration for Elasticsearch clusters. As organizations increasingly rely on these interfaces for real‑time monitoring, the attack surface expands, making security updates a top priority. The recent disclosure of four vulnerabilities—spanning SSRF, file disclosure, and resource‑allocation flaws—highlights how even well‑maintained open‑source components can harbor critical weaknesses. Security researchers identified the issues in early 2026, prompting Elastic to issue emergency advisories and patches within days.

The most severe flaw, CVE‑2026‑0532, leverages the Google Gemini connector to let an attacker with connector‑management rights craft malicious JSON that triggers arbitrary network calls and reads arbitrary files, earning an 8.6 CVSS rating. The three medium‑severity bugs affect Kibana Fleet’s bulk‑retrieval API and the Email connector, where malformed requests can exhaust memory and CPU, leading to full service crashes. Exploitation does not require root access; low‑privilege viewers can initiate the DoS, while authenticated users can exfiltrate configuration secrets, posing a dual confidentiality and availability threat.

Elastic’s remediation roadmap advises upgrading to version 8.19.10 for the 8.x line, 9.1.10 for the 9.0 branch, and 9.2.4 for the 9.2 series. For environments where immediate upgrades are impractical, administrators can disable vulnerable connector types via the xpack.actions.enabledActionTypes setting, buying time for scheduled maintenance. Cloud‑native Elastic deployments benefit from continuous‑delivery pipelines that applied the fixes before public disclosure, underscoring the advantage of managed services. Enterprises should audit their Kibana instances, prioritize patching, and incorporate regular vulnerability scanning to mitigate similar supply‑chain risks in the future.
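
The audit step described above can be scripted. The following is an added example, not code from Elastic or the original article: it triages a constructed Kibana inventory against the fixed releases named above and reports which flagged connector types are still enabled on unpatched hosts. The connector type IDs `.gemini` and `.email` and the default allowlist `["*"]` are assumptions about Kibana's configuration, and the host names and versions are constructed.

```python
# Added example: triage a Kibana inventory against the releases named above.
# Connector type IDs ".gemini" and ".email" and the default allowlist ["*"]
# are assumptions about Kibana's configuration, not values from the article.
FIXED_8X, FIXED_91, FIXED_92 = (8, 19, 10), (9, 1, 10), (9, 2, 4)
FLAGGED_TYPES = (".gemini", ".email")


def parse_version(text):
    """Turn '9.2.3' into (9, 2, 3); suffixes such as '-SNAPSHOT' are dropped."""
    return tuple(int(p) for p in text.split("-")[0].split(".")[:3])


def fixed_release(version):
    """Return the fixed release for this version's line, or None for 7.x,
    for which the article names no fixed release."""
    if version >= (9, 2, 0):
        return FIXED_92
    if version >= (9, 0, 0):
        return FIXED_91  # the article maps the 9.0 branch to 9.1.10
    if version >= (8, 0, 0):
        return FIXED_8X
    return None


def triage(version_text, enabled_action_types=None):
    """Report patch status and which flagged connector types are still enabled."""
    version = parse_version(version_text)
    target = fixed_release(version)
    patched = target is not None and version >= target
    # None means xpack.actions.enabledActionTypes is unset (assumed default: all).
    enabled = ["*"] if enabled_action_types is None else enabled_action_types
    exposed = [] if patched else [
        t for t in FLAGGED_TYPES if "*" in enabled or t in enabled
    ]
    return {
        "patched": patched,
        "upgrade_to": None if patched or target is None else ".".join(map(str, target)),
        "enabled_flagged_connectors": exposed,
    }


# Constructed inventory: host -> (version, xpack.actions.enabledActionTypes or None)
INVENTORY = {
    "kibana-a": ("9.2.3", None),
    "kibana-b": ("8.19.10", None),
    "kibana-c": ("9.0.4", [".slack", ".webhook"]),
    "kibana-d": ("7.17.28", [".email"]),
}

if __name__ == "__main__":
    for host, (ver, types) in INVENTORY.items():
        print(host, ver, triage(ver, types))
```

An unpatched host with an empty connector list still needs the upgrade: the Fleet bulk‑retrieval flaw is not a connector type, so the allowlist setting does not address it.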
