Security Advisory

CVE-2026-26939

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 17:11:16

Last updated 2026-03-19 17:50:30

Assigner elastic

State PUBLISHED

Description

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

← Browse all CVEs View on cve.org ↗