Elastic Kibana
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*
- >= 8.0.0, <= 8.19.11
- >= 9.0.0, <= 9.2.5
- 9.3.0
A missing authorization vulnerability exists in Kibana's server-side Detection Rule Management. An authenticated attacker with rule management privileges can improperly configure endpoint response actions, such as host isolation, process termination, and process suspension. The affected functionality is not properly constrained by access control lists (ACLs).
Exploitation of this vulnerability could lead to unauthorized modifications of detection rules, allowing for improper endpoint response actions to be executed.
Users can upgrade to Kibana versions 8.19.12, 9.2.6, or 9.3.1 to address this vulnerability. Those unable to upgrade should restrict detection rule management privileges to users who are also authorized for endpoint response actions, and should review existing rules for response action configurations that may have been added by unauthorized users.
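The rule review recommended above can be scripted. The following is an added example, not Elastic's code or part of the advisory: it scans an NDJSON export of detection rules for endpoint response actions on rules created or last edited by an account outside an allowlist. The field names (`response_actions`, `action_type_id`, `params.command`, `created_by`, `updated_by`), the `.endpoint` value, the allowlist and the sample export are assumptions made for illustration.

```python
import json

# Endpoint response commands named in the advisory (field values are assumptions).
ENDPOINT_COMMANDS = {"isolate", "kill-process", "suspend-process"}


def audit_rules(ndjson_text, response_action_users):
    """Flag endpoint response actions on rules whose creator or last editor
    is not in response_action_users (accounts cleared for response actions)."""
    allowed = set(response_action_users)
    findings = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        try:
            rule = json.loads(line)
        except json.JSONDecodeError:
            findings.append({"rule_id": None, "issue": "unparseable line"})
            continue
        if not isinstance(rule, dict) or "rule_id" not in rule:
            continue  # export summary line or other non-rule object
        editors = {rule.get("created_by"), rule.get("updated_by")} - {None}
        for action in rule.get("response_actions") or []:
            command = (action.get("params") or {}).get("command")
            if action.get("action_type_id") != ".endpoint" or command not in ENDPOINT_COMMANDS:
                continue
            outsiders = sorted(editors - allowed)
            if outsiders or not editors:  # unknown authorship is also worth a look
                findings.append({"rule_id": rule["rule_id"], "name": rule.get("name"),
                                 "enabled": rule.get("enabled"), "command": command,
                                 "unauthorized_editors": outsiders})
    return findings


# Constructed sample export: four rules plus a summary line, not real data.
def _rule(rule_id, created_by, updated_by, actions):
    return json.dumps({"rule_id": rule_id, "name": f"constructed {rule_id}", "enabled": True,
                       "created_by": created_by, "updated_by": updated_by,
                       "response_actions": actions})

SAMPLE_EXPORT = "\n".join([
    _rule("r-1", "soc_lead", "soc_lead",
          [{"action_type_id": ".endpoint", "params": {"command": "isolate"}}]),
    _rule("r-2", "soc_lead", "rule_author",
          [{"action_type_id": ".endpoint", "params": {"command": "kill-process"}}]),
    _rule("r-3", "rule_author", "rule_author",
          [{"action_type_id": ".osquery", "params": {"query": "select 1;"}}]),
    _rule("r-4", "rule_author", "rule_author", []),
    json.dumps({"exported_count": 4}),
])

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_EXPORT, {"soc_lead"}):
        print(finding)
```

`updated_by` records only the most recent editor, so a clean result does not rule out an earlier unauthorized change.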