Description
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
Published: 2026-03-31
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: Privilege Escalation via Unauthorized Data-Stream Operations
Action: Apply Patch
AI Analysis

Impact

Search Guard FLX versions 3.0.0 through 4.0.1 lack proper privilege checks for certain data-stream management operations. A user without the required permissions can execute these operations, potentially altering data-stream configurations and exposing confidential information. The flaw is classified as improper authorization (CWE-285) and missing authorization (CWE-862).

Affected Systems

This vulnerability affects the Floragunn Search Guard FLX product in releases from 3.0.0 up to and including 4.0.1. Administrators should confirm whether their deployments run one of these impacted versions.

Risk and Exploitability

The CVSS base score is 6.8 (Medium). The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting limited publicly known exploitation. The likely attack vector would involve sending management requests through exposed cluster-management APIs or command interfaces that are reachable over the network. An attacker needs network access to those endpoints and authentication to the cluster; even if the credentials lack the required privileges, the service still performs the requested operation. The CVSS vector rates the attack complexity as high (AC:H) and the required privileges as low (PR:L).

Generated by OpenCVE AI on March 31, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Floragunn documentation for a fixed release; if a newer version that addresses this flaw exists, upgrade the Search Guard FLX installation to that release.
  • If an upgrade cannot be performed immediately, enforce stricter role permissions so that non‑trusted accounts cannot use data‑stream management APIs, and review cluster settings to limit exposure.
  • Monitor cluster logs for unauthorized data‑stream management activity and audit configuration changes to detect potential abuse.


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Floragunn; Floragunn search Guard Flx |
| Vendors & Products | | Floragunn; Floragunn search Guard Flx |

Tue, 31 Mar 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 31 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams. |
| Title | | Some management operations on data streams are not properly restricted when user does not have the necessary privileges |
| Weaknesses | | CWE-285; CWE-862 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: floragunn

Published:

Updated: 2026-03-31T17:23:23.853Z

Reserved: 2026-03-25T13:44:35.684Z

Link: CVE-2026-4818

Vulnrichment

Updated: 2026-03-31T17:23:18.597Z

NVD

Status: Received

Published: 2026-03-31T16:16:34.580

Modified: 2026-03-31T16:16:34.580

Link: CVE-2026-4818

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:13Z

Weaknesses