Description
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Published: 2026-03-31
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Credential disclosure via audit logs
Action: Apply Patch
AI Analysis

Impact

Search Guard FLX’s audit logging feature may record user credentials when users authenticate to Kibana in versions 1.0.0 through 4.0.1. This flaw results in accidental exposure of usernames and passwords in log files, mapping to CWE-522 and CWE-532, and represents an inappropriate storage and excessive logging of sensitive data. An attacker who can read these logs could obtain login credentials and use them to further compromise the system.

Affected Systems

The vulnerability affects all installations of Search Guard FLX from version 1.0.0 up to and including 4.0.1, regardless of operating system. Environments that deploy Kibana with Search Guard FLX are at risk until the software is upgraded to a version released after 4.0.1.

Risk and Exploitability

The CVSS base score of 4.9 indicates a moderate severity. The likely attack vector is local or remote read access to the audit log files, which can be achieved by a user with sufficient file-system permissions or by an attacker who has compromised the host. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting that exploitation has not been widely observed. Nevertheless, because compromised credentials can lead to broader system compromise, administrators should treat this as a priority risk.

Generated by OpenCVE AI on March 31, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Search Guard FLX to version 4.1.0 or later, as specified in the official changelog.
  • Verify that audit logging no longer records user credentials after the upgrade.
  • Restrict file system permissions on audit log files so that only authorized administrators can read them.

Generated by OpenCVE AI on March 31, 2026 at 16:50 UTC.
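As an added example (not part of this OpenCVE record or of Search Guard's own code) of the verification step above: after upgrading, log in to Kibana with a dedicated test account whose password is a unique canary value, then scan the audit log for that canary, both in plain text and base64-encoded inside an HTTP Basic header, and for any unredacted credential-bearing field. The JSON-lines format, the field names and the sample entries below are assumptions constructed for illustration, not Search Guard's actual audit schema.

```python
import base64
import json
from typing import Iterable

# Field names that commonly carry credentials; assumed for illustration, not Search Guard's schema.
SENSITIVE_KEYS = {"password", "passwd", "secret", "authorization"}

def _leaves(obj, path=""):
    """Yield (dotted path, value) for every non-dict value inside a nested JSON object."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _leaves(v, f"{path}.{k}" if path else k)
    else:
        yield path, obj

def find_credential_leaks(lines: Iterable[str], user: str, canary: str) -> list[dict]:
    """Flag entries holding the canary password (plain or base64 in a Basic header) or an unredacted credential field."""
    basic_b64 = base64.b64encode(f"{user}:{canary}".encode()).decode()
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:  # non-JSON line: raw substring check only
            if canary in line or basic_b64 in line:
                findings.append({"line": n, "path": "<raw>", "reason": "canary"})
            continue
        for path, value in _leaves(entry):
            text = "" if value is None else str(value)
            key = path.rsplit(".", 1)[-1].lower()
            if canary in text:
                reason = "canary"
            elif basic_b64 in text:
                reason = "canary-base64"
            elif key in SENSITIVE_KEYS and text not in ("", "<redacted>"):
                reason = "sensitive-field"
            else:
                continue
            findings.append({"line": n, "path": path, "reason": reason})
    return findings

# Constructed sample audit log (JSON lines); field names are assumptions, not Search Guard's schema.
_B64 = base64.b64encode(b"audit-canary:Canary-pw-12345").decode()
SAMPLE_LOG = "\n".join([
    json.dumps({"audit_category": "AUTHENTICATED", "audit_request_effective_user": "audit-canary",
                "audit_rest_request_headers": {"Authorization": "Basic " + _B64}}),
    json.dumps({"audit_category": "AUTHENTICATED", "audit_request_effective_user": "kibanaserver",
                "audit_request_body": json.dumps({"username": "audit-canary", "password": "Canary-pw-12345"})}),
    json.dumps({"audit_category": "GRANTED_PRIVILEGES", "audit_request_effective_user": "admin"}),
])
```

Run it against the real audit log with `find_credential_leaks(open(path), user, canary)` after a canary login; any finding means credentials are still being written and the upgrade or log permissions need attention.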


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Floragunn
                                        Floragunn search Guard Flx
Vendors & Products                      Floragunn
                                        Floragunn search Guard Flx

Tue, 31 Mar 2026 18:15:00 +0000

Type                  Values Removed    Values Added
Metrics                                 ssvc
                                        {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 15:30:00 +0000

Type                  Values Removed    Values Added
Description                             In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Title                                   Search Guard audit logs can contain under certain conditions user credentials
Weaknesses                              CWE-522
                                        CWE-532
References
Metrics                                 cvssV3_1
                                        {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Floragunn Search Guard Flx
MITRE

Status: PUBLISHED

Assigner: floragunn

Published:

Updated: 2026-03-31T17:23:46.025Z

Reserved: 2026-03-25T13:44:37.576Z

Link: CVE-2026-4819

Vulnrichment

Updated: 2026-03-31T17:23:42.774Z

NVD

Status: Received

Published: 2026-03-31T16:16:34.730

Modified: 2026-03-31T16:16:34.730

Link: CVE-2026-4819

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:12Z

Weaknesses