Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for flx by search-guard

    CVE-2026-4819 (GCVE-0-2026-4819)

    Vulnerability from nvd – Published: 2026-03-31 14:57 – Updated: 2026-03-31 17:23
    VLAI
    Title
    Search Guard audit logs can contain under certain conditions user credentials
    Summary
    In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 1.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:23:37.990130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:23:46.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
                }
              ],
              "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:57:56.792Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Search Guard audit logs can contain under certain conditions user credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4819",
        "datePublished": "2026-03-31T14:57:56.792Z",
        "dateReserved": "2026-03-25T13:44:37.576Z",
        "dateUpdated": "2026-03-31T17:23:46.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4818 (GCVE-0-2026-4818)

    Vulnerability from nvd – Published: 2026-03-31 14:53 – Updated: 2026-03-31 17:23
    VLAI
    Title
    Some management operations on data streams are not properly restricted when user does not have the necessary privileges
    Summary
    In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 3.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:23:12.638976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:23:23.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
                }
              ],
              "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:53:19.875Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4818",
        "datePublished": "2026-03-31T14:53:19.875Z",
        "dateReserved": "2026-03-25T13:44:35.684Z",
        "dateUpdated": "2026-03-31T17:23:23.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4799 (GCVE-0-2026-4799)

    Vulnerability from nvd – Published: 2026-03-31 14:41 – Updated: 2026-03-31 17:20
    VLAI
    Title
    Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
    Summary
    In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 1.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:19:54.253854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:20:02.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
                }
              ],
              "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:41:05.646Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4799",
        "datePublished": "2026-03-31T14:41:05.646Z",
        "dateReserved": "2026-03-25T08:43:23.387Z",
        "dateUpdated": "2026-03-31T17:20:02.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4819 (GCVE-0-2026-4819)

    Vulnerability from cvelistv5 – Published: 2026-03-31 14:57 – Updated: 2026-03-31 17:23
    VLAI
    Title
    Search Guard audit logs can contain under certain conditions user credentials
    Summary
    In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 1.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:23:37.990130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:23:46.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
                }
              ],
              "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:57:56.792Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Search Guard audit logs can contain under certain conditions user credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4819",
        "datePublished": "2026-03-31T14:57:56.792Z",
        "dateReserved": "2026-03-25T13:44:37.576Z",
        "dateUpdated": "2026-03-31T17:23:46.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4818 (GCVE-0-2026-4818)

    Vulnerability from cvelistv5 – Published: 2026-03-31 14:53 – Updated: 2026-03-31 17:23
    VLAI
    Title
    Some management operations on data streams are not properly restricted when user does not have the necessary privileges
    Summary
    In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 3.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:23:12.638976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:23:23.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
                }
              ],
              "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:53:19.875Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4818",
        "datePublished": "2026-03-31T14:53:19.875Z",
        "dateReserved": "2026-03-25T13:44:35.684Z",
        "dateUpdated": "2026-03-31T17:23:23.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4799 (GCVE-0-2026-4799)

    Vulnerability from cvelistv5 – Published: 2026-03-31 14:41 – Updated: 2026-03-31 17:20
    VLAI
    Title
    Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
    Summary
    In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    Impacted products
    Vendor Product Version
    floragunn Search Guard FLX Affected: 1.0.0 , ≤ 4.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-31 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:19:54.253854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:20:02.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Search Guard FLX",
              "vendor": "floragunn",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-31T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
                }
              ],
              "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:41:05.646Z",
            "orgId": "9f311a02-c44f-4938-8530-9219246b8255",
            "shortName": "floragunn"
          },
          "references": [
            {
              "url": "https://search-guard.com/cve-advisory/"
            },
            {
              "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
        "assignerShortName": "floragunn",
        "cveId": "CVE-2026-4799",
        "datePublished": "2026-03-31T14:41:05.646Z",
        "dateReserved": "2026-03-25T08:43:23.387Z",
        "dateUpdated": "2026-03-31T17:20:02.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }