cvedb.io
CVE-2026-33458
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2026-04-08T18:26:00.267 · Last modified 2026-06-17T10:37:31.947

Summary

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.

Affected products

elastic — kibana

Does this affect you?

Add your gear to cvedb and we'll alert you only when elastic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.