Medium severity6.3NVD Advisory· Published Apr 8, 2026· Updated Apr 13, 2026
CVE-2026-33458
CVE-2026-33458
Description
Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 9.3.0, < 9.3.3+ 1 more
- (no CPE)range: >= 9.3.0, < 9.3.3
- (no CPE)range: >= 9.3.0, < 9.3.3
Patches
Vulnerability mechanics
References
1- discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-28/385815nvdVendor Advisory
News mentions
0No linked articles in our index yet.