PT-2026-44509 · Elastic · Kibana

Ismisepaul +1 · Published 2026-05-28 · Updated 2026-06-01 · CVE-2026-42398

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kibana (affected versions not specified)

Description

Server-Side Request Forgery (SSRF) allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause the system to issue outbound requests to destinations that egress restriction controls were intended to block.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

BIT-ELK-2026-42398
BIT-KIBANA-2026-42398
CVE-2026-42398

Affected Products

Kibana