Medium severity4.6NVD Advisory· Published May 28, 2026· Updated May 29, 2026
CVE-2026-33462
CVE-2026-33462
Description
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana interface, the deletion request is redirected to an unintended internal endpoint, potentially resulting in the unauthorized deletion of user accounts or other resources. Exploitation requires an administrator to perform a delete action on the maliciously crafted dashboard object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords2 versions
>= 8.0.0, < 8.19.16+ 1 more
- (no CPE)range: >= 8.0.0, < 8.19.16
- (no CPE)range: >= 8.0.0, < 8.19.16
Patches
Vulnerability mechanics
References
1News mentions
1- Kibana: Elastic Discloses 10 CVEs in a Single Day — SSRF, DoS, and Privilege EscalationVypr Intelligence · May 28, 2026