4.3
CVE-2026-4799
- EPSS 0.18%
- Veröffentlicht 31.03.2026 14:41:05
- Zuletzt bearbeitet 03.04.2026 15:20:31
- Quelle security@search-guard.com
- CVE-Watchlists
- Unerledigt
LoginOpen redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Search-guard ≫ Flx Version < 4.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.072 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@search-guard.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://search-guard.com/cve-advisory/
https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0