CVE-2026-4799 PUBLISHED

Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests

Assigner: floragunn
Reserved: 25.03.2026 Published: 31.03.2026 Updated: 31.03.2026

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Product Status

Vendor floragunn
Product Search Guard FLX
Versions Default: unaffected
  • affected from 1.0.0 to 4.0.1 (incl.)

References

Problem Types

  • CWE-601 URL redirection to untrusted site ('open redirect') CWE