CVE-2026-0532
Unknown Unknown - Not Provided
Path Traversal and SSRF in Google Gemini Connector Enables Arbitrary File Disclosure

Publication date: 2026-01-14

Last updated on: 2026-01-14

Assigner: Elastic

Description
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-14
Last Modified
2026-01-14
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0532
EUVD
EUVD-2026-2517
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
elastic kibana From 8.15.0 (inc) to 8.19.9 (inc)
elastic kibana From 9.0.0 (inc) to 9.1.9 (inc)
elastic kibana From 9.2.0 (inc) to 9.2.3 (inc)
elastic kibana 8.19.10
elastic kibana 9.1.10
elastic kibana 9.2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves External Control of File Name or Path combined with Server-Side Request Forgery (SSRF) in the Google Gemini connector of Kibana. An attacker who has authenticated access with privileges to create or modify connectors can submit a specially crafted credentials JSON payload. Due to improper validation of this configuration by the server, the attacker can cause arbitrary network requests and disclose arbitrary files on the server. Essentially, the attacker can manipulate file paths and induce SSRF attacks, potentially exposing sensitive files and internal network resources. [1]

Impact Analysis

This vulnerability can allow an attacker with sufficient privileges to disclose arbitrary files on the server and make arbitrary network requests. This could lead to exposure of sensitive files and internal network resources, potentially compromising the confidentiality of data and the security of the internal network environment. [1]

Detection Guidance

Detection involves checking for the presence of vulnerable Kibana versions (8.15.0 through 8.19.9, 9.0.0 through 9.1.9, and 9.2.0 through 9.2.3) and monitoring for unusual or unauthorized modifications to Google Gemini connector configurations, especially those involving credentials JSON payloads. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Kibana to versions 8.19.10, 9.1.10, or 9.2.4, which contain the fix for this vulnerability. If upgrading is not possible immediately, disable the Google Gemini connector by setting the appropriate value in the `xpack.actions.enabledActionTypes` configuration. Elastic Cloud Serverless environments have already been patched. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0532. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart