Medium severity5.3NVD Advisory· Published May 28, 2026· Updated May 29, 2026
CVE-2026-33463
CVE-2026-33463
Description
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 8.0.0, < 8.19.16+ 1 more
- (no CPE)range: >= 8.0.0, < 8.19.16
- (no CPE)range: >= 8.0.0, < 8.19.16
Patches
Vulnerability mechanics
References
1- discuss.elastic.co/t/8-19-16-9-3-5-security-update-esa-2026-33/386551nvdVendor Advisory
News mentions
1- Kibana: Elastic Discloses 10 CVEs in a Single Day — SSRF, DoS, and Privilege EscalationVypr Intelligence · May 28, 2026