Search Guard FLX Document-Level Security Bypass Vulnerability in Signals Watches

Vulnerability

A vulnerability exists in Search Guard FLX versions 3.1.2 and earlier, where Document-Level Security (DLS) is not properly enforced when searches are initiated from a Signals watch. This oversight allows users to access all documents in the queried indices, regardless of their permissions. The issue arises because, while DLS rules are correctly applied in other contexts, they fail to activate during the execution of Signals watches, leading to unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability allows for unauthorized access to documents in indices queried by Signals watches, bypassing established Document-Level Security rules.

Remediation

Users can upgrade to Search Guard FLX version 3.1.3 or later, where this vulnerability has been fixed. Instructions for upgrading are available in the Search Guard documentation.
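
An added triage example, not code from Search Guard or from this advisory: for a cluster still on 3.1.2 or earlier, it lists which Signals watches run searches against indices that some role restricts with DLS. The `checks`/`request.indices` watch layout and the `index_permissions`/`dls` role layout are assumptions based on Search Guard's configuration format, and only `*` wildcards in top-level search checks are handled.

```python
import re

FIXED = (3, 1, 3)  # first fixed Search Guard FLX release named in the advisory

def is_affected(version):
    """True when the leading x.y.z of `version` is below the fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(map(int, m.groups())) < FIXED

def dls_patterns(roles):
    """Index patterns that at least one role restricts with a DLS query."""
    return {pat for body in roles.values()
            for perm in body.get("index_permissions", []) if perm.get("dls")
            for pat in perm.get("index_patterns", [])}

def may_overlap(a, b):
    """Conservative: can index expressions `a` and `b` name a common index?"""
    if "*" in a and "*" in b:  # both wildcards: compare literal prefixes only
        pa, pb = a.split("*")[0], b.split("*")[0]
        return pa.startswith(pb) or pb.startswith(pa)
    pat, name = (a, b) if "*" in a else (b, a)
    rx = ".*".join(map(re.escape, pat.split("*")))
    return re.fullmatch(rx, name) is not None

def exposed_watches(version, watches, roles):
    """Map watch id -> DLS-protected patterns its search checks may read."""
    if not is_affected(version):
        return {}
    protected, hits = dls_patterns(roles), {}
    for wid, watch in watches.items():
        for check in watch.get("checks", []):
            if check.get("type") != "search":
                continue
            for idx in check.get("request", {}).get("indices", []):
                found = {p for p in protected if may_overlap(idx, p)}
                if found:
                    hits.setdefault(wid, set()).update(found)
    return hits

# Constructed sample data, not taken from any real cluster.
DLS = '{"term": {"region": "eu"}}'
ROLES = {"hr_eu": {"index_permissions": [{"index_patterns": ["hr-*"], "dls": DLS}]},
         "ops": {"index_permissions": [{"index_patterns": ["metrics-*"]}]}}
WATCHES = {n: {"checks": [{"type": "search", "request": {"indices": [i], "body": {}}}]}
           for n, i in (("payroll_alert", "hr-payroll"), ("cpu_alert", "metrics-*"))}
print(exposed_watches("3.1.2", WATCHES, ROLES))
```

Watches flagged this way are the ones whose past results and action outputs are worth reviewing for documents the watch owner should not have seen.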

Added: Nov 14, 2025, 2:20 PM
Updated: Nov 14, 2025, 5:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.