Cyber Resilience

CVE-2026-0532

HighUpdated

Published: 14 January 2026

Published
14 January 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0031 22.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0532 is a high-severity SSRF (CWE-918) vulnerability in Elastic (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 22.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0532 is a vulnerability combining External Control of File Name or Path (CWE-73) with Server-Side Request Forgery (CWE-918) in the Google Gemini connector configuration within Kibana's Alerts & Connectors feature. The issue arises because the server processes connector configurations without proper validation of a specially crafted credentials JSON payload, enabling arbitrary network requests and file reads. It affects Elastic Stack deployments using Kibana, with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

An attacker with authenticated access and privileges sufficient to create or modify connectors can exploit this vulnerability. By submitting a malicious credentials JSON payload, they can trick the server into performing arbitrary file disclosures and network requests, potentially exposing sensitive data on the server or internal network resources.

Elastic's security advisory ESA-2026-05 addresses this issue with patches in Kibana versions 8.19.10, 9.1.10, and 9.2.4, as detailed in the update announcement at https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524.

The vulnerability targets the Google Gemini connector, which integrates an AI/ML model, highlighting risks in AI-related plugin configurations within security platforms. No public information on real-world exploitation is available.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker…

more

to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.

CWE(s)

AI Security AnalysisAI

AI Category
APIs and Models
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: gemini

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

Direct arbitrary file read via path control enables T1005; SSRF enables internal network service discovery via T1046.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-14610Shared CWE-918
CVE-2026-34428Shared CWE-918
CVE-2025-0474Shared CWE-918
CVE-2025-55161Shared CWE-918
CVE-2024-37359Shared CWE-918
CVE-2024-12450Shared CWE-918
CVE-2025-55853Shared CWE-918
CVE-2026-41060Shared CWE-918
CVE-2024-57767Shared CWE-918
CVE-2025-71258Shared CWE-918

Affected Assets

Elastic
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of validation on the specially crafted credentials JSON payload that enables CWE-73 path traversal and CWE-918 SSRF for arbitrary file disclosure and network requests.

prevent

Requires timely identification, reporting, and correction of flaws like this unpatched Kibana connector vulnerability, with patches available in versions 8.19.10, 9.1.10, and 9.2.4.

prevent

Enforces least privilege to restrict authenticated users from having unnecessary permissions to create or modify connectors, blocking exploitation even if the validation flaw exists.

References