VYPR
Medium severity5.3NVD Advisory· Published May 28, 2026· Updated May 29, 2026

CVE-2026-33463

CVE-2026-33463

Description

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Elastic/Kibanainferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <8.19.16, <9.3.5
  • osv-coords2 versions
    >= 8.0.0, < 8.19.16+ 1 more
    • (no CPE)range: >= 8.0.0, < 8.19.16
    • (no CPE)range: >= 8.0.0, < 8.19.16

Patches

Vulnerability mechanics

References

1

News mentions

1