CNNVD-202601-2460 Information

Jan 14, 2026 cve

CNNVD ID

CNNVD-202601-2460

CVE-2026-0532

CNNVD Published: 2026-01-14

Description (Chinese)

Elastic Kibana是Elastic公司的一个可用数据可视化仪表板软件。 Elastic Kibana存在安全漏洞，该漏洞源于在处理Google Gemini连接器的配置时，未能对用户提供的凭据JSON负载进行充分的验证，可能导致服务端请求伪造和任意文件泄露。

Description (English)

Elastic Kibana is a usable data visualization dashboard software for Elastic. Elastic Kibana has a security loophole, which stems from the failure to adequately verify the user ’ s supporting JSON load when handling the configuration of Google Gemini connectors, which could lead to the service requesting forgery and arbitrary document disclosure.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Elastic

Published

2026-01-14

Last Modified

2026-02-24

References

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524

Patch

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524

Share on: