CVE-2026-49095
Improper Input Validation in Kibana Fleet Agent Policy
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | elastic_agents | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated user with Fleet management privileges to escalate their privileges by injecting values into the agent policy configuration, resulting in Elastic Agents receiving API keys with elevated Elasticsearch privileges. This can lead to unauthorized read and write access to sensitive Elasticsearch security indices.
Such unauthorized access to sensitive data could potentially violate compliance requirements under standards like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information to ensure confidentiality and integrity.
Therefore, exploitation of this vulnerability may lead to non-compliance with these regulations due to improper access controls and potential exposure or modification of protected data.
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue in the Kibana Fleet agent policy management feature. It allows an authenticated user who has Fleet management privileges to manipulate the agent policy configuration by injecting values into a configuration override mechanism that is not properly validated.
As a result, an attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, which means they can gain unauthorized access beyond what is normally allowed for the Fleet management role.
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation, allowing an attacker to gain unauthorized read and write access to sensitive Elasticsearch security indices.
Such unauthorized access can compromise the confidentiality and integrity of sensitive data stored in Elasticsearch, potentially leading to data breaches or unauthorized modifications.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-49095, you should upgrade Kibana Fleet to versions 8.19.16, 9.3.5, or 9.4.2 or later where the vulnerability is fixed.
If upgrading is not immediately possible, restrict the fleet-all privilege to limit the number of users who can exploit this vulnerability.