CVE-2026-4819 - Vulnerability Details - OpenCVE

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.spirityenterprise.com/managed-detection-response
https://www.spirityenterprise.com/managed-detection-response-microsoft
https://www.spirityenterprise.com/mdr-for-splunk
https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0
https://search-guard.com/cve-advisory/

History

Tue, 31 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Title		Search Guard audit logs can contain under certain conditions user credentials
Weaknesses		CWE-522 CWE-532
References		https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0 https://search-guard.com/cve-advisory/
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: floragunn

Published: 2026-03-31T14:57:56.792Z

Updated: 2026-03-31T17:23:46.025Z

Reserved: 2026-03-25T13:44:37.576Z

Link: CVE-2026-4819

Vulnrichment

Updated: 2026-03-31T17:23:42.774Z

NVD

Status : Received

Published: 2026-03-31T16:16:34.730

Modified: 2026-03-31T16:16:34.730

Link: CVE-2026-4819

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4819", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "state": "PUBLISHED", "assignerShortName": "floragunn", "dateReserved": "2026-03-25T13:44:37.576Z", "datePublished": "2026-03-31T14:57:56.792Z", "dateUpdated": "2026-03-31T17:23:46.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:57:56.792Z"}, "title": "Search Guard audit logs can contain under certain conditions user credentials", "datePublic": "2026-03-31T10:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522", "type": "CWE"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "lessThanOrEqual": "4.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."}]}], "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:23:37.990130Z", "id": "CVE-2026-4819", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:46.025Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T17:23:37.990130Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:42.774Z"}}], "cna": {"title": "Search Guard audit logs can contain under certain conditions user credentials", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-31T10:00:00.000Z", "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "supportingMedia": [{"type": "text/html", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522"}]}], "providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:57:56.792Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4819", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:23:46.025Z", "dateReserved": "2026-03-25T13:44:37.576Z", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "datePublished": "2026-03-31T14:57:56.792Z", "assignerShortName": "floragunn"}, "dataVersion": "5.2"}