Description
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Published: 2026-03-31
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Patch
AI Analysis

Impact

In Search Guard FLX versions 1.0.0 through 4.0.1, the audit logging feature may record user credentials when users log into Kibana. This results in sensitive authentication details being written to audit logs, which can be read by anyone with access to those logs. The vulnerability is categorized as a credential exposure (CWE‑522) and a log file disclosure (CWE‑532).

Affected Systems

The affected product is Floragunn Search Guard FLX. All editions and deployments of the product released between versions 1.0.0 and 4.0.1 are potentially impacted. No specific operating system or sub‑product is mentioned, so any environment running the affected versions must be considered at risk.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and the EPSS score below 1% suggests a low likelihood of exploitation in the wild. The vulnerability is currently not listed in the CISA KEV catalog, meaning it has not yet been identified as a known exploited vulnerability in the field. An attacker would need to read the audit logs after a user has logged in, which is inferred from the description. The description does not indicate that a remote code execution or privilege escalation vector exists; the primary risk is credential compromise through log analysis.

Generated by OpenCVE AI on April 3, 2026 at 17:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Search Guard FLX to version 4.1.0 or later, as documented in the changelog and CVE advisory.
  • If an upgrade cannot be performed immediately, restrict audit log read permissions to only privileged administrators and disable any public or unauthenticated access to the log files.
  • Review existing audit logs for exposed credentials and, if found, delete or redact the sensitive entries to prevent credential theft.

Generated by OpenCVE AI on April 3, 2026 at 17:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Search-guard
Search-guard flx
CPEs cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*
Vendors & Products Search-guard
Search-guard flx

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Floragunn
Floragunn search Guard Flx
Vendors & Products Floragunn
Floragunn search Guard Flx

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Title Search Guard audit logs can contain under certain conditions user credentials
Weaknesses CWE-522
CWE-532
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Floragunn Search Guard Flx
Search-guard Flx
cve-icon MITRE

Status: PUBLISHED

Assigner: floragunn

Published:

Updated: 2026-03-31T17:23:46.025Z

Reserved: 2026-03-25T13:44:37.576Z

Link: CVE-2026-4819

cve-icon Vulnrichment

Updated: 2026-03-31T17:23:42.774Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T16:16:34.730

Modified: 2026-04-03T13:49:07.970

Link: CVE-2026-4819

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:17:40Z

Weaknesses