In LiteLLM versions prior to 1.83.0 critical severity vulnerability CVE-2026-35029 was detected. This vulnerability allows attackers to use the /config/update endpoint to modify proxy configurations, achieve remote code execution through custom handlers, read arbitrary server files, and take over privileged accounts by overwriting environment variables. To address this issue users must upgrade to the 1.83.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35029.
Read more Data AnalyticsIn Logstash versions 8.0.0 – 8.19.13, 9.0.0 – 9.2.7, and 9.3.0 – 9.3.2 high severity vulnerability CVE-2026-33466 was detected. This vulnerability allows attackers to write arbitrary files to the host filesystem and potentially achieve remote code execution via relative path traversal by serving a specially crafted compressed archive through a compromised update endpoint. To address this issue users must upgrade to 8.19.14, 9.2.8, or 9.3.3 versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33466.
Read more Data AnalyticsIn Kibana all versions from 8.0.0 up to and including 8.19.13, all versions from 9.0.0 up to and including 9.2.7 and all versions from 9.3.0 up to and including 9.3.2 a high severity vulnerability CVE-2026-33461 was detected. This vulnerability allows attackers with limited Fleet privileges to access sensitive configuration data, including private keys and authentication tokens, by exploiting an internal API endpoint that bypasses proper authorization checks. To address this issue, users should upgrade Kibana to versions 8.19.14, 9.2.8, or 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33461.
Read more Data AnalyticsIn Kibana all versions from 8.0.0 up to and including 8.19.13, all versions from 9.0.0 up to and including 9.2.7 and all versions from 9.3.0 up to and including 9.3.2 a medium severity vulnerability CVE-2026-33460 was detected. This vulnerability allows attackers with Fleet agent management privileges to access Fleet Server policy details from other spaces by exploiting an internal enrollment endpoint that bypasses space-scoped authorization controls. To address this issue, users should upgrade Kibana to versions 8.19.14, 9.2.8, or 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33460.
Read more Data AnalyticsIn Kibana all versions from 8.0.0 up to and including 8.19.13, all versions from 9.0.0 up to and including 9.2.7 and all versions from 9.3.0 up to and including 9.3.2 a high severity vulnerability CVE-2026-33459 was detected. This vulnerability allows authenticated users to cause denial of service (DoS) by submitting specially crafted requests with excessively large input values to the automatic import feature, leading to excessive resource consumption and service disruption. To address this issue, users should upgrade Kibana to versions 8.19.14, 9.2.8, or 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33459.
Read more Data AnalyticsIn Kibana all versions from 9.3.0 up to and including 9.3.2 a high severity vulnerability CVE-2026-33458 was detected. This vulnerability allows authenticated users with workflow creation and execution privileges to perform server-side request forgery (SSRF) by bypassing host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data. To address this issue, users should upgrade Kibana to version 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33458.
Read more Data AnalyticsIn Kibana all versions from 8.0.0 up to and including 8.19.13, all versions from 9.0.0 up to and including 9.2.7 and all versions from 9.3.0 up to and including 9.3.2 a high severity vulnerability CVE-2026-4498 was detected. This vulnerability allows authenticated users with Fleet sub-feature privileges to read index data beyond their intended Elasticsearch RBAC scope due to execution with unnecessary privileges in debug route handlers. To address this issue, users should upgrade Kibana to versions 8.19.14, 9.2.8, or 9.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4498.
Read more Data AnalyticsIn MLflow versions before v3.7.0 a critical severity vulnerability CVE-2025-15036 was detected. A path traversal flaw in the extract_archive_to_dir function allows crafted tar archives to write files outside the intended extraction directory by using malicious member paths. To address this issue, users should update MLflow to versions v3.7.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15036.
Read more Data AnalyticsIn MLflow version 3.8.0 a critical severity vulnerability CVE-2025-15379 was detected. This vulnerability allows attackers to execute arbitrary commands by supplying a malicious model artifact, as dependency specifications from the python_env.yaml file are unsafely interpolated into shell commands in the _install_model_dependencies_to_env() function when using env_manager=LOCAL. To address this issue, users should upgrade MLflow to version 3.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15379.
Read more Data Analytics