CVE-2026-4819

Description

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

CVSS Details

CVSS Score

4.9

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:* - VULNERABLE

Search Guard FLX 1.0.0

Search Guard FLX 4.0.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# This script simulates checking if credentials are logged
# Disclaimer: For educational purposes only.

def check_audit_log_leak(target_url, username, password):
    """
    Simulate a login request and check if credentials appear in logs.
    Note: Actual verification requires access to the server's audit logs.
    """
    print(f"[+] Attempting login to {target_url} as {username}")
    # In a real scenario, an attacker would trigger the login
    # and then wait for the log entry to be written.
    # Then the attacker would search the audit logs for the specific password string.
    
    # Example of what a vulnerable log entry might look like:
    log_entry = f"User {username} logged in with credentials: {password}"
    
    if password in log_entry:
        print(f"[!] VULNERABLE: Password found in simulated audit log entry!")
        print(f"Log: {log_entry}")
    else:
        print("[-] Safe: Password not found in log entry.")

# Usage
# check_audit_log_leak("http://localhost:5601", "admin", "secret123")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4819
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4819
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4819/
[4] VulDB https://vuldb.com/cve/CVE-2026-4819
[5] https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0
[6] https://search-guard.com/cve-advisory/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4819", "sourceIdentifier": "[email protected]", "published": "2026-03-31T16:16:34.730", "lastModified": "2026-04-03T13:49:07.970", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "4.1.0", "matchCriteriaId": "625754E5-C0D5-4F0A-8788-B31527465BC1"}]}]}], "references": [{"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://search-guard.com/cve-advisory/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}