CVE-2026-4818

MEDIUM 6.8

Some management operations on data streams are not properly restricted when user does not have the necessary privileges

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

0th

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

CWE	CWE-285 CWE-862
Vendor	floragunn
Product	search guard flx
Published	Mar 31, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for floragunn search guard flx

Be the first to know when new medium vulnerabilities affecting floragunn search guard flx are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

floragunn / Search Guard FLX

3.0.0 ≤ 4.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

search-guard.com: https://search-guard.com/cve-advisory/ docs.search-guard.com: https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0