CVE-2026-49095

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-49095
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-49095.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-49095
Aliases
Downstream
Published
2026-05-28T19:48:31.466Z
Modified
2026-06-26T03:54:50.671150223Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Improper Input Validation in Kibana Fleet Leading to Privilege Escalation
Details

Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequately validated. An attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, potentially granting unauthorized read and write access to sensitive Elasticsearch security indices beyond what is intended for the Fleet management role.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49095.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "9.0.0"
                },
                {
                    "last_affected": "9.3.4"
                },
                {
                    "introduced": "9.4.0"
                },
                {
                    "last_affected": "9.4.1"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.19.15"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "elastic"
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
1b6a7ece17463df5ff54a3e1302d825889aa1161
Fixed
0ecfe314ed6ddebb736091bf37b3b6758209b73b
Introduced
112859b85d50de2a7e63f73c8fc70b99eea24291
Fixed
7dcc32bebba091844c0207f9dae8fda6c7d08542
Introduced
2e8528e92361c3399724226deaf2b46f933e925b
Fixed
c402c2b36d90eae29c0182f86bd9050fd0b746cc
Database specific 
{
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.3.5"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "fixed": "9.4.2"
        }
    ]
}

Affected versions

v9.*
v9.4.0
v9.4.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-49095.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
57ca5e139a33dd2eed927ce98d8231a1f217cd15
Fixed
209c12d77d1bf1bc561abff2b91aa95f354734a3
Introduced
504d6bfa94cca17fabb76e06152c30c4f0c3efdd
Fixed
db396449a69d0613b0b4dc8b8e9789aa35504e0f
Introduced
b2e39752e03b56f48f51943214475ddba1f8e974
Fixed
ca34dedcfe614964fe236c237a023021da0a8665
Database specific 
{
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.3.5"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "fixed": "9.4.2"
        }
    ]
}

Affected versions

v9.*
v9.4.0
v9.4.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-49095.json"