PT-2026-54770 · Elastic · Kibana
Kruskall
·
Published
2026-07-01
·
Updated
2026-07-02
·
CVE-2026-49091
CVSS v3.1
8.0
High
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kibana (affected versions not specified)
Description
Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log files are viewed in a terminal that interprets control sequences, the injected content can alter the displayed log data.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Encoding or Escaping of Output
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kibana