cvedb.io
CVE-2026-49088
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2026-07-01T17:16:35.807 · Last modified 2026-07-02T17:52:31.750

Summary

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.

Affected products

elastic — kibana

Does this affect you?

Add your gear to cvedb and we'll alert you only when elastic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.