Data Analytics

In Kibana versions from 8.15.0 up to and including 8.19.9, from 9.0.0 up to and including 9.1.9, 9.2.0 up to and including 9.2.3 a high severity vulnerability CVE-2026-0532 was detected. This vulnerability allows authenticated attackers with privileges to create or modify connectors to trigger server-side request forgery and arbitrary file disclosure by supplying a specially crafted credentials JSON payload in the Google Gemini connector configuration, leading to unauthorized network requests and file reads due to insufficient input validation. To address this issue, users should upgrade Kibana to versions 8.19.10, 9.1.10 or 9.2.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0532.

In Kibana Fleet versions from 7.10.0 up to and including 7.17.29, from 8.0.0 up to and including 8.19.9, from 9.0.0 up to and including 9.1.9 and from 9.2.0 up to and including 9.2.3 a medium severity vulnerability CVE-2026-0531 was detected. This vulnerability allows authenticated attackers with low-level (viewer-equivalent) privileges to trigger excessive memory consumption by sending a specially crafted bulk retrieval request, causing redundant database operations that can crash the server and result in denial of service for all users. To address this issue, users should upgrade Kibana to versions 8.19.10, 9.1.10 or 9.2.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0531.

In Kibana Fleet versions from 7.10.0 up to and including 7.17.29, 8.0.0 up to and including 8.19.9, from 9.0.0 up to and including 9.1.9 and from 9.2.0 up to and including 9.2.3 a medium severity vulnerability CVE-2026-0530 was detected. This vulnerability allows attackers to trigger excessive resource consumption by sending a specially crafted request that causes redundant processing operations, eventually leading to service degradation or complete unavailability. To address this issue, users should upgrade Kibana to versions 8.19.10, 9.1.10 or 9.2.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0530.

In Kibana versions 7.x, from 8.0.0 up to and including 8.19.9, from 9.0.0 up to and including 9.1.9, 9.2.0 up to and including 9.2.3 a high severity vulnerability CVE-2026-0543 was detected. This vulnerability allows authenticated attackers with sufficient view-level privileges to trigger excessive memory allocation by supplying a specially crafted email address parameter to the Email Connector, resulting in a denial of service and complete service unavailability until a manual restart is performed. To address this issue, users should upgrade Kibana to versions 8.19.10, 9.1.10 or 9.2.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0543.

In Metabase versions prior to 55.13, 56.3 and 57.1 a low severity vulnerability CVE-2026-22805 was detected. This vulnerability allows attackers to access internal or local network addresses by abusing the channel test endpoint in self-hosted Metabase instances that permit users to create subscriptions, potentially exposing colocated unsecured internal resources. To address this issue, users should upgrade Metabase to versions 55.13, 56.3, 57.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22805.

In Rancher versions >= 2.6.0, < 2.6.14, >= 2.7.0, < 2.7.10, >= 2.8.0, < 2.8.2 a high severity vulnerability CVE-2023-22649 was detected. This vulnerability may expose sensitive data in Rancher’s audit logs if audit logging is enabled and the audit level is set to 1 or above. To fix this problem, users should upgrade to the latest version 2.6.14, 2.7.10 and 2.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22649.

In Rancher versions >=2.7.0, < 2.7.14, >=2.8.0, <2.8.5 a high severity vulnerability CVE-2023-22650 was detected. This vulnerability allows deleted, disabled, or revoked users from an authentication provider to retain access in Rancher, leaving their tokens still usable. To fix this problem, users should upgrade to the latest version 2.7.14 and 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22650.