The vulnerability resides in Kibana’s Fleet plugin debug route handlers. The issue is a privilege abuse flaw (CWE‑250) that allows the plugin to read Elasticsearch index data beyond the limits set by the user’s RBAC permissions. When triggered, an attacker could retrieve sensitive search results or configuration information that should be restricted, effectively exposing protected data within the cluster.

This impact applies to installations of Kibana that include the Fleet feature. The CNA identified Elastic:Kibana as the affected vendor and product, but no specific version numbers were supplied, indicating that any current or future releases containing these debug route handlers might be vulnerable until a fix is applied. Users operating within the Elastic distribution are therefore at risk if they enable the Fleet feature without applying the latest security update.

The CVSS base score of 7.7 signals a high severity, while the EPSS score of less than 1% suggests that exploitation in the wild is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is authenticated access to Kibana’s web interface with sufficient Fleet sub‑feature privileges (agents, agent policies, or settings management). An attacker who meets these prerequisites can invoke the debug routes to read arbitrary index data, representing a direct privilege escalation within a legitimate user session.