Elastic Security Updates Address File Theft and DoS Risks

Elastic has released new security updates to fix multiple vulnerabilities across its platform, including a high-severity issue that could allow attackers to read arbitrary files from affected systems.

The vulnerabilities impact Kibana and related components, affecting how files, inputs, and system resources are handled. Elastic strongly recommends updating to the latest versions to reduce exposure.

Most Critical Issue: Arbitrary File Disclosure

The most serious flaw, tracked as CVE-2026-0532, affects connector configurations and combines two weaknesses: improper file path handling and server-side request forgery (SSRF).

An authenticated attacker with permission to create or modify connectors could abuse this flaw to trigger unauthorized network requests and read files from the underlying system. This issue has a CVSS score of 8.6, placing it in the high-severity category.

Vulnerability Summary

| CVE ID | Issue Type | Severity | CVSS | Affected Versions |
|---|---|---|---|---|
| CVE-2026-0532 | File path control + SSRF | High | 8.6 | 8.15.0–8.19.9, 9.0.0–9.2.3 |
| CVE-2026-0543 | Input validation flaw (Email connector) | Medium | 6.5 | 7.x, 8.0.0–8.19.9, 9.0.0–9.2.3 |
| CVE-2026-0531 | Resource exhaustion (Fleet) | Medium | 6.5 | 7.10.0+, 8.x, 9.x |
| CVE-2026-0530 | Resource exhaustion (Fleet) | Medium | 6.5 | 7.10.0+, 8.x, 9.x |

Email Connector and Fleet DoS Issues

Another issue, CVE-2026-0543, affects Kibana’s email connector. Improper input validation allows attackers with execution privileges to submit malformed email parameters, potentially exhausting memory and causing a denial-of-service (DoS) condition that requires manual intervention to recover.

In addition, two related flaws in Kibana Fleet (CVE-2026-0531 and CVE-2026-0530) allow logged-in users to trigger excessive resource usage through repeated requests. These flaws can also lead to service disruption, and no temporary workarounds are available.

Mitigation and Recommended Action

Elastic has released fixed versions and advises users to upgrade immediately to:

  • 8.19.10
  • 9.1.10
  • 9.2.4

Elastic Cloud Serverless deployments are not affected due to continuous updates. For self-managed environments where immediate upgrades are not possible, Elastic suggests restricting connector permissions and applying tighter access controls as a temporary risk reduction measure.
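The affected range 9.0.0–9.2.3 in the summary table numerically contains the fixed release 9.1.10, so a plain range comparison would flag a patched 9.1.x node. The triage script below is an added example, not code from Elastic or from this article; its function names and the sample inventory are constructed. It assumes that the table's open-ended "8.x" and "9.x" entries stop at the fixed releases and that any release newer than 9.2.4 carries the fixes.

```python
import re

# Fixed releases named in the advisory.
FIXED = [(8, 19, 10), (9, 1, 10), (9, 2, 4)]
OPEN = (10**6,) * 3  # stands in for the table's open-ended "x" / "+" entries

# Inclusive (low, high) ranges per CVE, transcribed from the summary table.
AFFECTED = {
    "CVE-2026-0532": [((8, 15, 0), (8, 19, 9)), ((9, 0, 0), (9, 2, 3))],
    "CVE-2026-0543": [((7, 0, 0), (8, 19, 9)), ((9, 0, 0), (9, 2, 3))],  # 7.x and 8.0.0-8.19.9 are contiguous
    "CVE-2026-0531": [((7, 10, 0), OPEN)],
    "CVE-2026-0530": [((7, 10, 0), OPEN)],
}

def parse(version):
    """Return (major, minor, patch) from strings such as '8.19.9' or 'v9.2.3'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(v):
    """True if v is at or past the fix on its own minor line, or newer than every fix (assumption)."""
    on_line = any(f[:2] == v[:2] and v >= f for f in FIXED)
    return on_line or v > max(FIXED)

def exposed_cves(version):
    """Sorted CVE IDs from the advisory that apply to this Kibana version."""
    v = parse(version)
    if is_patched(v):
        return []
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))

def upgrade_target(version):
    """Lowest fixed release above an exposed version, or None if nothing applies."""
    if not exposed_cves(version):
        return None
    later = [f for f in FIXED if f > parse(version)]
    return ".".join(map(str, min(later)))

if __name__ == "__main__":
    # Constructed inventory, not taken from the advisory.
    for host, ver in [("kbn-a", "8.19.9"), ("kbn-b", "9.1.10"), ("kbn-c", "9.0.4")]:
        print(host, ver, exposed_cves(ver) or "not affected", upgrade_target(ver))
```
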

These vulnerabilities highlight the importance of regularly updating Elastic deployments, especially in environments that rely heavily on connectors and Fleet management. Organizations running affected versions should review their exposure and apply patches as soon as possible to prevent file disclosure or service disruption.

About the Author:

FirstHackersNews- Identifies Security
