CVE-2026-0532
External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.
| CWE | CWE-918 |
| Vendor | elastic |
| Product | kibana |
| Published | Jan 14, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for elastic kibana
Be the first to know when new high vulnerabilities affecting elastic kibana are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Elastic / Kibana
8.15.0 โค 8.19.9 9.0.0 โค 9.1.9 9.2.0 โค 9.2.3
References
discuss.elastic.co: https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-0532 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2429540 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0532.json