CVE-2026-4818 PUBLISHED

Some management operations on data streams are not properly restricted when user does not have the necessary privileges

Assigner: floragunn
Reserved: 25.03.2026 Published: 31.03.2026 Updated: 31.03.2026

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 6.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	floragunn
Product	Search Guard FLX
Versions	Default: unaffected affected from 3.0.0 to 4.0.1 (incl.)

References

https://search-guard.com/cve-advisory/
https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0

Problem Types

CWE-285 CWE
CWE-862 CWE