CVE-2026-33463
Status: Analyzed - Analysis Complete
Kibana Token Expiration Logic Error Leads to Unauthorized Access

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: Elastic

Description
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-29
Generated: 2026-06-18
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
elastic  kibana    From 8.0.0 (inc) to 8.19.16 (exc)
elastic  kibana    From 9.0.0 (inc) to 9.3.5 (exc)
CWE
CWE-672: The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Executive Summary

CVE-2026-33463 is a security vulnerability in Kibana versions 8.x (from 8.0.0 to 8.19.15) and 9.x (from 9.0.0 to 9.3.4) caused by a logic error in how expiration timestamps are validated for time-bounded access tokens.

This error allows these tokens to remain usable beyond their intended expiration time, so an unauthenticated actor in possession of such a token can still retrieve the associated content after the token should have expired.

The vulnerability specifically affects deployments using the public file sharing feature to issue time-limited download links. Deployments that do not use public share tokens are not affected.

Impact Analysis

This vulnerability can lead to unauthorized information disclosure because an attacker with a time-bounded access token can retrieve content even after the token's expiration.

Since the vulnerability does not impact integrity or availability, the main risk is that sensitive or private information shared via public file sharing could be accessed by unauthorized users beyond the intended time window.

If you use Kibana's public file sharing feature to issue time-limited download links, this could expose your shared files to unauthorized access.

Detection Guidance

This vulnerability involves a logic error in expiration timestamp validation for the time-bounded access tokens used by Kibana's public file sharing feature. Detection therefore comes down to identifying whether any expired public share tokens are still being accepted by the system.

Since the issue affects only public file share tokens, review which public file share tokens your Kibana deployment has issued, both active and expired.

No specific commands are provided in the available resources to detect this vulnerability directly on your network or system.
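As an added illustration of the weakness class, not Kibana's code and not a description of the actual Kibana defect, the following TypeScript shows a hardened expiry check for a time-bounded share token beside a hypothetical flawed check of the same CWE-672 kind, plus a sweep of the sort the detection guidance describes: flag tokens that are past expiry by the wall clock yet still accepted. The token shape, field names and function names are assumptions.

```typescript
// Added illustration (not Kibana's code): hardened expiry validation for a
// time-bounded share token and a sweep that flags expired tokens a checker
// still accepts (CWE-672). Token shape and function names are hypothetical.

interface ShareToken {
  id: string;
  expiresAt: number; // absolute expiry, epoch milliseconds (hypothetical field)
}

type Verdict = "valid" | "expired" | "malformed";

// Hardened check: fail closed on a missing or non-finite expiry, and treat
// the expiry instant itself as already expired (strict "now < expiresAt").
function validateShareToken(token: ShareToken, nowMs: number): Verdict {
  if (!Number.isFinite(token.expiresAt) || token.expiresAt <= 0) return "malformed";
  return nowMs < token.expiresAt ? "valid" : "expired";
}

// Hypothetical flawed check of the CWE-672 class: the clock is read in
// seconds but compared against a millisecond expiry, so every token stays
// "valid" roughly a thousand times longer than intended.
function flawedValidateShareToken(token: ShareToken, nowMs: number): Verdict {
  const nowSeconds = Math.floor(nowMs / 1000);
  return nowSeconds < token.expiresAt ? "valid" : "expired";
}

// Detection-style sweep: run a checker over stored tokens and report the ids
// of tokens that are past expiry by the wall clock yet still accepted.
function findExpiredButAccepted(
  tokens: ShareToken[],
  nowMs: number,
  checker: (t: ShareToken, nowMs: number) => Verdict,
): string[] {
  return tokens
    .filter((t) => Number.isFinite(t.expiresAt) && nowMs >= t.expiresAt)
    .filter((t) => checker(t, nowMs) === "valid")
    .map((t) => t.id);
}

// Constructed sample: a clock fixed at 2026-05-28T00:00:00Z and three tokens.
const NOW_MS = Date.UTC(2026, 4, 28, 0, 0, 0);
const SAMPLE_TOKENS: ShareToken[] = [
  { id: "live", expiresAt: NOW_MS + 60 * 60 * 1000 },       // expires in one hour
  { id: "stale", expiresAt: NOW_MS - 24 * 60 * 60 * 1000 }, // expired yesterday
  { id: "broken", expiresAt: Number.NaN },                  // no usable expiry
];
```

Running the sweep with the flawed checker reports "stale", while the hardened checker reports nothing; the same sweep against a real token store is the check the detection guidance calls for.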

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade Kibana to version 8.19.16 or 9.3.5 where the issue is resolved.

  • If upgrading is not possible immediately, revoke all active public file share tokens.
  • Avoid issuing new public file share tokens until the upgrade is applied.
  • Restrict file-sharing access to trusted administrators only.

Compliance Impact

This vulnerability allows unauthorized actors to access content beyond the intended expiration of time-bounded access tokens, potentially leading to unauthorized information disclosure.

Such unauthorized disclosure of information could impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and timely revocation of access rights.

Mitigations include upgrading to fixed versions, revoking active public file share tokens, and restricting file-sharing access to trusted administrators to reduce the risk of unauthorized data exposure.
