CVE-2026-33463
Description
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic error in Kibana's expiration timestamp validation allows time-bounded file access tokens to remain usable beyond expiry, leading to unauthorized content disclosure.
Vulnerability
A logic error in how expiration timestamps are validated (CWE-672) in Kibana's public file sharing feature allows a time-bounded access token to remain usable beyond its intended validity window. The affected versions are 8.0.0 through 8.19.15 and 9.0.0 through 9.3.4. Deployments that issue time-bounded download links are impacted; those that do not use the public file sharing feature are unaffected [1].
Exploitation
An unauthenticated attacker who possesses a valid time-bounded access token (obtained before its intended expiry) can continue to use that token to retrieve the associated file content after the token's expiry time has passed. No additional authentication or user interaction is required; the attacker simply needs the token and a network connection to the Kibana instance [1].
Impact
Successful exploitation results in unauthorized disclosure of the file content linked to the expired token. The CVSSv3.1 score is 5.3 (Medium) with a confidentiality impact of Low and no impact on integrity or availability. The attacker gains access to content that was meant to be time-limited [1].
Mitigation
The vulnerability is fixed in Kibana versions 8.19.16 and 9.3.5 [1]. For deployments that cannot upgrade immediately, revoke all active public file share tokens and avoid issuing new ones until the update is applied. It is also recommended to restrict the file-sharing functionality to trusted administrators. Elastic Cloud Serverless environments were patched before public disclosure [1].
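To turn the version ranges above into something an inventory script can apply, here is an added helper (not from the advisory and not Kibana code) that classifies a Kibana version string against the affected ranges stated on this page. The `assessKibanaVersion`, `compareVersions` and `parseVersion` names are this example's own. A version counts as affected when it is at or above the start of a range and strictly below that range's fixed release, which also catches pre-release builds of the fixed version (for example a `-SNAPSHOT` build of 8.19.16).

```javascript
// Added helper, not from the advisory or from Kibana: classify a Kibana version
// string against the affected ranges stated on this page.
const AFFECTED_RANGES = [
  { from: '8.0.0', to: '8.19.15', fixedIn: '8.19.16' },
  { from: '9.0.0', to: '9.3.4', fixedIn: '9.3.5' },
];

// Parse "MAJOR.MINOR.PATCH" with an optional leading "v", an optional
// pre-release suffix such as "-SNAPSHOT", and ignored build metadata after "+".
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Order two versions numerically by major, minor, patch. A pre-release of X
// sorts below the release of X; two pre-releases of the same X compare equal,
// which is enough for range membership here.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.parts[i] !== pb.parts[i]) return pa.parts[i] < pb.parts[i] ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// Returns { version, affected, fixedIn }. The range is closed at `from` and
// open at `fixedIn`: for release builds that is exactly from..to inclusive,
// and pre-release builds of the fixed version are still reported as affected.
function assessKibanaVersion(version) {
  for (const range of AFFECTED_RANGES) {
    if (compareVersions(version, range.from) >= 0 && compareVersions(version, range.fixedIn) < 0) {
      return { version, affected: true, fixedIn: range.fixedIn };
    }
  }
  return { version, affected: false, fixedIn: null };
}
```

The version string would typically come from a deployment inventory or from Kibana's own status endpoint; whatever the source, unparseable strings raise rather than silently reading as "not affected".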
AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
3ef72a09ee27d [8.19] Fix CVE-2026-42338: upgrade ip-address transitive dependency (#270388) (#270481)
2 files changed · +16 −33
package.json+2 −1 modified@@ -89,7 +89,7 @@ "**/chokidar": "3.5.3", "**/d3-scale/**/d3-color": "npm:@elastic/kibana-d3-color@2.0.1", "**/esbuild": "0.27.2", - "**/express-rate-limit": "8.3.0", + "**/express-rate-limit": "8.5.2", "**/fast-xml-parser": "5.5.7", "**/hoist-non-react-statics": "3.3.2", "**/hono": "4.12.19", @@ -99,6 +99,7 @@ "**/remark-parse/trim": "1.0.1", "**/serialize-javascript": "7.0.5", "**/sharp": "0.34.4", + "**/socks": "2.8.9", "**/typescript": "5.9.3", "**/util": "0.12.5", "**/yauzl": "3.2.1",
yarn.lock+14 −32 modified@@ -20203,12 +20203,12 @@ expose-loader@5.0.0: resolved "https://registry.yarnpkg.com/expose-loader/-/expose-loader-5.0.0.tgz#41368903eb1246b7c09fecf32c5cb3f67d0260e6" integrity sha512-BtUqYRmvx1bEY5HN6eK2I9URUZgNmN0x5UANuocaNjXSgfoDlkXt+wyEMe7i5DzDNh2BKJHPc5F4rBwEdSQX6w== -express-rate-limit@8.3.0, express-rate-limit@^8.2.1: - version "8.3.0" - resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-8.3.0.tgz#0ed00d3af24bcf74930d884a78595a96b0a9838c" - integrity sha512-KJzBawY6fB9FiZGdE/0aftepZ91YlaGIrV8vgblRM3J8X+dHx/aiowJWwkx6LIGyuqGiANsjSwwrbb8mifOJ4Q== +express-rate-limit@8.5.2, express-rate-limit@^8.2.1: + version "8.5.2" + resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-8.5.2.tgz#5922dbf76df2124611cea955d93432b37514b2f3" + integrity sha512-5Kb34ipNX694DH48vN9irak1Qx30nb0PLYHXfJgw4YEjiC3ZEmZJhwOp+VfiCYwFzvFTdB9QkArYS5kXa2cx2A== dependencies: - ip-address "10.1.0" + ip-address "^10.2.0" express@4.21.2: version "4.21.2" 
@@ -22723,18 +22723,10 @@ io-ts@2.2.22, io-ts@^2.2.22: resolved "https://registry.yarnpkg.com/io-ts/-/io-ts-2.2.22.tgz#5ab0d3636fe8494a275f0266461ab019da4b8d0b" integrity sha512-FHCCztTkHoV9mdBsHpocLpdTAfh956ZQcIkWQxxS0U5HT53vtrcuYdQneEJKH6xILaLNzXVl2Cvwtoy8XNN0AA== -ip-address@10.1.0: - version "10.1.0" - resolved "https://registry.yarnpkg.com/ip-address/-/ip-address-10.1.0.tgz#d8dcffb34d0e02eb241427444a6e23f5b0595aa4" - integrity sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q== - -ip-address@^9.0.5: - version "9.0.5" - resolved "https://registry.yarnpkg.com/ip-address/-/ip-address-9.0.5.tgz#117a960819b08780c3bd1f14ef3c1cc1d3f3ea5a" - integrity sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g== - dependencies: - jsbn "1.1.0" - sprintf-js "^1.1.3" +ip-address@^10.1.1, ip-address@^10.2.0: + version "10.2.0" + resolved "https://registry.yarnpkg.com/ip-address/-/ip-address-10.2.0.tgz#805fc178b20c518bd4c8548b24fe30892d7f3206" + integrity sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA== ip-regex@^4.1.0: version "4.3.0" @@ -24034,11 +24026,6 @@ js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" -jsbn@1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-1.1.0.tgz#b01307cb29b618a1ed26ec79e911f803c4da0040" - integrity sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A== - jsbn@~0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" 
@@ -30894,12 +30881,12 @@ socks-proxy-agent@^8.0.5: debug "^4.3.4" socks "^2.8.3" -socks@^2.8.3: - version "2.8.3" - resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.3.tgz#1ebd0f09c52ba95a09750afe3f3f9f724a800cb5" - integrity sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw== +socks@2.8.9, socks@^2.8.3: + version "2.8.9" + resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.9.tgz#aa5f130ca0f88a43fa44faf4869c50d22aa27752" + integrity sha512-LJhUYUvItdQ0LkJTmPeaEObWXAqFyfmP85x0tch/ez9cahmhlBBLbIqDFnvBnUJGagb0JbIQrkBs1wJ+yRYpEw== dependencies: - ip-address "^9.0.5" + ip-address "^10.1.1" smart-buffer "^4.2.0" sonic-boom@^3.1.0: @@ -31145,11 +31132,6 @@ split2@^4.0.0: resolved "https://registry.yarnpkg.com/split2/-/split2-4.1.0.tgz#101907a24370f85bb782f08adaabe4e281ecf809" integrity sha512-VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ== -sprintf-js@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.3.tgz#4914b903a2f8b685d17fdf78a70e917e872e444a" - integrity sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA== - sprintf-js@~1.0.2: version "1.0.3" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
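Review bot: the package.json hunk pins `**/express-rate-limit` to 8.5.2 and adds `**/socks` at 2.8.9, but adds no `**/ip-address` resolution, so the floor on ip-address itself comes only from the transitive ranges `^10.2.0` (express-rate-limit) and `^10.1.1` (socks) now resolved to 10.2.0 in yarn.lock; a later lockfile refresh that satisfies those ranges with a different 10.x would not be caught by the resolutions block. Consider adding `"**/ip-address": "10.2.0"` next to the other pins so the intended minimum is enforced directly. The yarn.lock hunks are consistent with the bump (ip-address 9.0.5 and its `jsbn`/`sprintf-js` dependencies drop out once nothing depends on 9.x). Note also that the commit title names CVE-2026-42338, not the CVE this page records; nothing in the diff touches token or expiry handling, so its link to CVE-2026-33463 is not supported by the patch itself.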
209c12d77d1b [Scout] Update test config manifests (#270528)
1 file changed · +130 −18
x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/.meta/ui/standard.json+130 −18 modified@@ -1,5 +1,5 @@ { - "sha1": "50b5dfba62ac64690de376d8bc22cd52d75b4e93", + "sha1": "d17dc6f8487721a630d816876f7496bd8d02b0cc", "tests": [ { "id": "709f30ae5fb788f-05a1663c9e84f0e", @@ -221,7 +221,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 71, + "line": 74, "column": 7 } }, @@ -235,7 +235,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 77, + "line": 80, "column": 7 } }, @@ -249,7 +249,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 100, + "line": 103, "column": 7 } }, @@ -263,7 +263,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 108, + "line": 111, "column": 7 } }, @@ -277,7 +277,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 112, + "line": 115, "column": 7 } }, @@ -291,7 +291,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 118, + "line": 121, "column": 7 } }, @@ -305,7 +305,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 137, + "line": 141, "column": 7 } }, @@ -319,7 +319,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 144, + "line": 148, "column": 7 } }, 
@@ -333,7 +333,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 152, + "line": 156, "column": 7 } }, @@ -347,7 +347,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 161, + "line": 165, "column": 7 } }, @@ -361,7 +361,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 177, + "line": 181, "column": 7 } }, @@ -375,7 +375,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 192, + "line": 196, "column": 7 } }, @@ -389,7 +389,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 202, + "line": 206, "column": 7 } }, @@ -403,7 +403,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 218, + "line": 222, "column": 7 } }, @@ -417,7 +417,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 226, + "line": 233, "column": 7 } }, @@ -431,7 +431,7 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 233, + "line": 240, "column": 7 } }, 
@@ -445,7 +445,119 @@ ], "location": { "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/discovery.spec.ts", - "line": 243, + "line": 250, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-79d3cf13237ee2d", + "title": "Discover ES|QL should switch the query bar to ES|QL and display the default sample query", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 155, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-75f10f82cef9fbf", + "title": "Discover ES|QL should display a metric visualization for ES|QL STATS queries (count and sum)", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 174, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-1081a7397d42c88", + "title": "Discover ES|QL should open the inline edit visualization flyout for an ES|QL chart", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 189, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-4b67968e425b300", + "title": "Discover ES|QL should save an ES|QL visualization to a new dashboard from Discover", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 210, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-dc0e7a2eb6e2df6", + "title": "Discover ES|QL should edit, explore in Discover, 
and copy an ES|QL panel from a dashboard", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 230, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-f21c2c6ffe20444", + "title": "Discover ES|QL should restrict sidebar fields and grid columns to KEEP-listed fields", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 284, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-8bbbfff9121d488", + "title": "Discover ES|QL should embed a saved ES|QL Discover session on a dashboard and interact with its table", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 305, + "column": 7 + } + }, + { + "id": "7b807c730155cc2-ab47176f22b71bd", + "title": "Discover ES|QL should save an ES|QL bar histogram to a dashboard and edit it inline", + "expectedStatus": "passed", + "tags": [ + "@local-stateful-classic", + "@cloud-stateful-classic" + ], + "location": { + "file": "x-pack/platform/packages/private/kbn-scout-release-testing/test/scout/ui/tests/discover/esql.spec.ts", + "line": 347, "column": 7 } },
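Review bot: every entry added in the standard.json hunk for esql.spec.ts carries only the `@local-stateful-classic` and `@cloud-stateful-classic` tags, so none of the new Discover ES|QL tests would run in a serverless configuration; confirm that is the intended scope rather than a missing tag. Since the file is a generated manifest (the top-level `sha1` is updated alongside the shifted `line` values), the check is best done against the spec file's own tags and the manifest regenerated by the tooling rather than edited by hand.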
db396449a69d [9.3] [Scout] Don't create test track if no load candidates are identified (#270584) (#270599)
3 files changed · +29 −4
src/platform/packages/shared/kbn-scout/src/cli/create_test_tracks.ts+15 −3 modified@@ -549,19 +549,31 @@ export const createTestTracks: Command<void> = { : [...new Set(loads.map((load) => load.config.server.configSet))]; // Each server config set gets its own track - return configSets.map((configSet) => { + return configSets.flatMap((configSet): TestTrack[] => { log.info( `Building test track for test target '${target.tag}' with server config set '${configSet}'` ); + + const enabledLoads = loads.filter( + (load) => load.enabled && load.config.server.configSet === configSet + ); + + if (enabledLoads.length === 0) { + log.warning( + `No enabled test loads found for test target '${target.tag}' and server config set '${configSet}'` + ); + return []; + } + const track = buildTrack( Math.max(minimumRuntime, runtimeTarget), estimatedLaneSetupDuration, target, - loads.filter((load) => load.enabled && load.config.server.configSet === configSet), + enabledLoads, log ); track.metadata.server = { configSet }; - return track; + return [track]; }); }) .toArray();
src/platform/packages/shared/kbn-scout/src/execution/test_track.test.ts+10 −0 modified@@ -19,6 +19,16 @@ describe('TestTrack', () => { expect(track.leastLoadedOpenLane).toBe(undefined); }); + it('should produce valid stats for an empty track specification', () => { + const track = new TestTrack({ runtimeTarget: 10 }); + const spec = track.specification; + + expect(spec.stats.lane.count).toBe(0); + expect(spec.stats.lane.saturationPercent).toBe(0); + expect(spec.stats.combinedRuntime.target).toBe(0); + expect(spec.lanes).toEqual([]); + }); + it('closes the lane when one load fills it entirely', () => { const track = new TestTrack({ runtimeTarget: 10 });
src/platform/packages/shared/kbn-scout/src/execution/test_track.ts+4 −1 modified@@ -236,7 +236,10 @@ export class TestTrack { stats: { lane: { count: this.laneCount, - saturationPercent: parseFloat(((expectedRuntime / provisionedRuntime) * 100).toFixed(2)), + saturationPercent: + provisionedRuntime !== 0 + ? parseFloat(((expectedRuntime / provisionedRuntime) * 100).toFixed(2)) + : 0, longestEstimate: longestLaneEstimate, shortestEstimate: shortestLaneEstimate, },
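Review bot: in the create_test_tracks.ts hunk the `log.info('Building test track for test target ...')` call still runs before the new `enabledLoads.length === 0` check, so a config set with no enabled loads logs both "Building test track" and the "No enabled test loads found" warning for the same target; move the info line below the early `return []` (or reword it to "Evaluating ...") so the log does not announce a track that is never built. The `provisionedRuntime !== 0` guard in test_track.ts and the new empty-track test in test_track.test.ts cover the division-by-zero half of the change.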
Vulnerability mechanics
No source-code context for this CVE: the mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.