PT-2026-31335 · Elastic · Kibana +1

Ismisepaul +1 · Published 2026-04-08 · Updated 2026-04-13 · CVE-2026-4498

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kibana (affected versions not specified)

Description

Kibana’s Fleet plugin debug route handlers execute with unnecessary privileges, which can allow authenticated users with Fleet sub-feature privileges to read index data beyond their authorized Elasticsearch RBAC scope. This occurs through privilege abuse.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BIT-ELK-2026-4498
BIT-KIBANA-2026-4498
CVE-2026-4498

Affected Products

Fleet
Kibana