Description
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.
Published: 2026-03-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw is a missing authorization check in Kibana’s server‑side Detection Rule Management that allows an authenticated attacker with rule‑management privileges to configure endpoint‑response actions such as host isolation, process termination, or suspension. This unauthorized configuration can compromise host integrity or cause denial of service by altering endpoint behavior.

Affected Systems

Elastic Kibana is affected. All Kibana installations lacking the latest security update are vulnerable, with specific references to releases 9.3.0 and earlier as indicated by the common product enumeration strings.

Risk and Exploitability

The vulnerability has a CVSS score of 6.5, indicating moderate severity, and an EPSS score of less than 1%, suggesting a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Because exploitation requires an authenticated user with rule‑management privileges, the risk is limited to environments where such privileges are not tightly controlled; nevertheless, the potential to alter endpoint controls warrants prompt attention.

Generated by OpenCVE AI on March 23, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official Kibana security update released by Elastic for this CVE
  • Restrict rule‑management permissions to trusted accounts only
  • Verify that role‑based access controls are correctly enforced for endpoint‑response actions
  • Monitor Kibana logs for unexpected changes to endpoint‑response configurations

Generated by OpenCVE AI on March 23, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:9.3.0:*:*:*:*:*:*:*

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic kibana
Vendors & Products Elastic
Elastic kibana

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.
Title Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Elastic Kibana
cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-03-19T17:50:30.754Z

Reserved: 2026-02-16T16:42:05.774Z

Link: CVE-2026-26939

cve-icon Vulnrichment

Updated: 2026-03-19T17:50:23.146Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T18:16:21.690

Modified: 2026-03-23T13:36:57.857

Link: CVE-2026-26939

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-19T17:11:16Z

Links: CVE-2026-26939 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:55:16Z

Weaknesses