Description
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
Published: 2026-03-31
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw in Search Guard FLX permits users who lack the necessary permissions to execute certain management operations on data streams. This lapse in access control enables unauthorized modification or deletion of data streams, potentially compromising data integrity and availability. The weakness maps to Access Control failures (CWE-285) and Illegal Privilege Escalation (CWE-862).

Affected Systems

Search Guard FLX, developed by Floragunn, is affected for all releases between version 3.0.0 and 4.0.1 inclusive. Anyone running those versions on their Elasticsearch cluster is susceptible to the vulnerability if user privileges are not correctly enforced.

Risk and Exploitability

The CVSS base score of 6.8 indicates a moderate threat level, and the EPSS value below 1% suggests that exploitation is currently uncommon. The vulnerability is not recorded in the CISA KEV catalog. Attack attempts would likely target the cluster’s internal API or management interfaces, as privileged operations are performed via Search Guard’s authentication mechanism. Because the exploit requires only the existence of an account lacking proper rights, it can be carried out by an attacker who gains minimal access within the environment; however, a dedicated exploit is not documented in the supplied information, so the likelihood remains low based on current evidence.

Generated by OpenCVE AI on April 3, 2026 at 16:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Search Guard FLX to version 4.1.0 or newer, which addresses the privilege escalation issue.
  • Verify that the roles assigned to users explicitly include only the permissions required for data stream management.
  • Audit existing role definitions to ensure they adhere to the principle of least privilege.
  • Monitor cluster logs for unexpected data stream operations to detect potential misuse early.



Advisories

No advisories yet.

History

Fri, 03 Apr 2026 14:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Search-guard; Search-guard flx
CPEs | | cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*
Vendors & Products | | Search-guard; Search-guard flx

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Floragunn; Floragunn search Guard Flx
Vendors & Products | | Floragunn; Floragunn search Guard Flx

Tue, 31 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
Title | | Some management operations on data streams are not properly restricted when user does not have the necessary privileges
Weaknesses | | CWE-285; CWE-862
References | |
Metrics | | cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: floragunn

Published:

Updated: 2026-03-31T17:23:23.853Z

Reserved: 2026-03-25T13:44:35.684Z

Link: CVE-2026-4818

Vulnrichment

Updated: 2026-03-31T17:23:18.597Z

NVD

Status: Analyzed

Published: 2026-03-31T16:16:34.580

Modified: 2026-04-03T13:56:52.713

Link: CVE-2026-4818

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:17:41Z

Weaknesses