CVE-2026-49093

Name of the Vulnerable Software and Affected Versions Kibana (affected versions not specified)

Description An authenticated user with connector management privileges can perform a Server-Side Request Forgery (SSRF), which is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. This allows the user to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations that egress controls were intended to block.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.