PT-2026-31333 · Elastic · Kibana

Published: 2026-04-08 · Updated: 2026-04-13 · CVE-2026-33460

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified)

Description: An incorrect authorization issue in Kibana can lead to cross-space information disclosure through privilege abuse. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces. This occurs because an internal enrollment endpoint bypasses space-scoped access controls by using an unscoped internal client, revealing operational identifiers, policy names, management state, and infrastructure linkage details from unauthorized spaces.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BIT-ELK-2026-33460
BIT-KIBANA-2026-33460
CVE-2026-33460

Affected Products

Kibana