PT-2026-22172 · Elastic · Kibana

Ismisepaul +1 · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-26938

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kibana (affected versions not specified)

Description

An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine (CWE-1336). This could allow an authenticated attacker with the workflowsManagement:executeWorkflow privilege to read arbitrary files from the Kibana server filesystem and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). The vulnerability requires an authenticated user.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BIT-ELK-2026-26938
BIT-KIBANA-2026-26938
CVE-2026-26938

Affected Products

Kibana