← back
CVE-2026-4819

Search Guard audit logs can contain under certain conditions user credentials

CVSS 4.9 MEDIUMEPSS 0.2%CWE-522CWE-532
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
floragunn · Search Guard FLX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0https://search-guard.com/cve-advisory/