Description
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
Published: 2026-05-28
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error in Kibana’s handling of token expiration timestamps allows a time‑bounded access token to stay valid past its intended window. This flaw enables an unauthenticated actor who obtains such a token to retrieve protected content after the token has expired, leading to information disclosure and unauthorized file access.

Affected Systems

Elastic Kibana is affected. Version details are not supplied by the CNA. All deployments using Kibana should be reviewed for the presence of expired or time‑bounded tokens.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity vulnerability. EPSS data is unavailable, and the vulnerability is not listed in CISA KEV. An attacker must first acquire a valid token; the flaw permits reuse of that token after its expiration. Because the attack requires possession of a token, the likelihood of exploitation depends on token exposure, but once a token is compromised the attacker can read protected files until the token is revoked.

Generated by OpenCVE AI on May 28, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kibana to the latest supported version that contains the fixed logic for token expiration.
  • If an upgrade is not immediately feasible, implement stricter token lifetime policies, disable or revoke long‑lived tokens, and force token renewal to limit the window of abuse.
  • Monitor Kibana access logs for unexpected token usage and consider revoking suspicious tokens to reduce the attack surface.

Generated by OpenCVE AI on May 28, 2026 at 20:20 UTC.
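The monitoring step in the recommended actions above, as an added example that is not part of the OpenCVE page or of Kibana's own code: a fail-closed expiry check and a sweep over constructed access-log lines that flags served requests made with a time-bounded token after that token's expiry. The token ids, token registry and log line format are constructed assumptions, and the page does not state the specific logic error in Kibana's validation.

```javascript
// Added example, not Kibana's code. Token ids, the registry and the log line
// format are constructed for the demo; real Kibana logs differ (assumption).

// Fail-closed expiry check: live only when `expiresAt` parses to a finite
// instant strictly after `now`. Missing or malformed expiry counts as expired.
function isTokenLive(expiresAt, now = Date.now()) {
  const exp = typeof expiresAt === 'number' ? expiresAt : Date.parse(String(expiresAt));
  if (!Number.isFinite(exp)) return false;
  return exp > now;
}

// Constructed registry of time-bounded tokens: id -> expiry (ISO-8601 UTC).
const TOKEN_EXPIRY = {
  'tok-a1': '2026-05-28T12:00:00Z',
  'tok-b2': '2026-05-28T18:00:00Z',
};

// Constructed access-log lines: "<timestamp> <status> <path> token=<id>".
const ACCESS_LOG = [
  '2026-05-28T11:30:00Z 200 /api/files/42 token=tok-a1',
  '2026-05-28T13:05:00Z 200 /api/files/42 token=tok-a1', // served after expiry
  '2026-05-28T17:59:00Z 200 /api/files/7 token=tok-b2',
  '2026-05-28T19:10:00Z 200 /api/files/7 token=tok-b2',  // served after expiry
  '2026-05-28T19:11:00Z 401 /api/files/7 token=tok-zz',  // unknown token, denied
];

const LINE_RE = /^(\S+) (\d{3}) (\S+) token=(\S+)$/;

// Returns the served (HTTP 200) requests whose token was past its expiry at
// request time, or is not in the registry at all. Each request's own
// timestamp is compared against the expiry rather than the current clock,
// so the sweep can be re-run over historical logs.
function findPostExpiryUse(lines, registry) {
  const hits = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that do not match the expected format
    const [, ts, status, path, tokenId] = m;
    if (status !== '200') continue; // denied requests are the intended outcome
    const expiresAt = registry[tokenId];
    if (!isTokenLive(expiresAt, Date.parse(ts))) {
      hits.push({ ts, path, tokenId, expiresAt: expiresAt ?? null });
    }
  }
  return hits;
}

for (const h of findPostExpiryUse(ACCESS_LOG, TOKEN_EXPIRY)) {
  console.log(`post-expiry use: ${h.tokenId} on ${h.path} at ${h.ts} (expired ${h.expiresAt})`);
}
```

Each flagged line is a candidate for revoking the token and reviewing what the request retrieved.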

Advisories

No advisories yet.

History

Thu, 28 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Elastic; Elastic kibana
Vendors & Products | | Elastic; Elastic kibana

Thu, 28 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
Title | | Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
Weaknesses | | CWE-672
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-05-28T19:37:38.524Z

Reserved: 2026-03-20T10:53:23.100Z

Link: CVE-2026-33463

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-28T20:16:22.917

Modified: 2026-05-28T20:16:22.917

Link: CVE-2026-33463

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses