Description
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
Published: 2026-03-31
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect
Action: Patch
AI Analysis

Impact

The flaw lets attackers craft requests that redirect users to an arbitrary external URL. This open redirect is classified as CWE-601. The vulnerability does not provide code execution or direct data exfiltration, but it can be used to steer users to malicious sites, potentially resulting in phishing, including credential phishing.

Affected Systems

The affected product is Search Guard FLX (floragunn), a Kibana plugin. Versions through 4.0.1 include the issue. Version 4.1.0 and later contain the fix. The product is available for all platforms per the CPE entry.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. An EPSS below 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that authentication is not required to trigger the redirect; any client that can reach the Search Guard-protected Kibana instance may craft the malicious request. Consequently, the potential attack surface is broad. Exploitation requires only sending a crafted request, which can be performed via a web browser or automated tools once the target URL is exposed.

Generated by OpenCVE AI on April 3, 2026 at 17:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Search Guard FLX to version 4.1.0 or later
  • Verify that redirect URLs are no longer accepted by performing a test request
  • If an immediate upgrade is not feasible, configure network firewalls or reverse proxy rules to block redirects to untrusted domains

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Search-guard; Search-guard flx
CPEs | | cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*
Vendors & Products | | Search-guard; Search-guard flx

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Floragunn; Floragunn search Guard Flx
Vendors & Products | | Floragunn; Floragunn search Guard Flx

Tue, 31 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
Title | | Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
Weaknesses | | CWE-601
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: floragunn

Published:

Updated: 2026-03-31T17:20:02.797Z

Reserved: 2026-03-25T08:43:23.387Z

Link: CVE-2026-4799

Vulnrichment

Updated: 2026-03-31T17:19:58.969Z

NVD

Status: Analyzed

Published: 2026-03-31T15:16:21.137

Modified: 2026-04-03T15:20:31.917

Link: CVE-2026-4799

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:17:42Z

Weaknesses