5.3
CVE-2026-33463
- EPSS 0.24%
- Veröffentlicht 28.05.2026 19:37:38
- Zuletzt bearbeitet 29.05.2026 21:18:16
- Quelle security@elastic.co
- CVE-Watchlists
- Unerledigt
Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.145 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@elastic.co | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-672 Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
https://discuss.elastic.co/t/8-19-16-9-3-5-security-update-esa-2026-33/386551