Warning: Multiple vulnerabilities in Elastic Kibana allowing arbitrary file reads and DOS, Patch Immediately!

Published : 15/01/2026
  • Last update: 15/01/2026
  • Affected software:
    → Elastic Kibana
  • Type: Server-Side Request Forgery (SSRF), Improper Input Validation, Allocation of Resources Without Limits or Throttling, External Control of File Name or Path
  • CVE/CVSS
    → CVE-2026-0532: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
    → CVE-2026-0543: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2026-0530: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2026-0531: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Sources

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524
https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523
https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521
https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522

Risks

These vulnerabilities in Kibana 7.x, 8.x and 9.x allow an authenticated user to read arbitrary files, send arbitrary network requests and cause a complete denial of service for all other users. The impact on Confidentiality and Availability is high; there is no impact on Integrity. There is no evidence of active exploitation.

Description

CVE-2026-0532
This vulnerability allows an attacker that is authenticated and has privileges to create or modify connectors (Alerts & Connectors: All) to cause arbitrary file disclosure by sending a crafted credentials JSON payload in the Google Gemini connector configuration. The server does not properly validate this configuration, allowing arbitrary network requests and arbitrary file reads.

Impacted versions:

  • 8.x: All versions from 8.0.0 up to and including 8.19.9
  • 9.x: All versions from 9.0.0 up to and including 9.1.9, all versions from 9.2.0 up to and including 9.2.3

CVE-2026-0543
This vulnerability allows an attacker that is authenticated and has view-level privileges to cause complete service unavailability for all users until a manual restart. When executing a connector action with a specially crafted email address parameter, the attacker can trigger excessive resource allocation when the application tries to process the email format.

Impacted versions:

  • 7.x: All versions from 7.10.0 up to and including 7.17.29
  • 8.x: All versions from 8.0.0 up to and including 8.19.9
  • 9.x: All versions from 9.0.0 up to and including 9.1.9, all versions from 9.2.0 up to and including 9.2.3

CVE-2026-0530
This vulnerability allows an attacker that is authenticated to make Kibana perform redundant processing operations that consume system resources by sending a specially crafted request, leading to service degradation or complete unavailability.

Impacted versions:

  • 7.x: All versions from 7.10.0 up to and including 7.17.29
  • 8.x: All versions from 8.0.0 up to and including 8.19.9
  • 9.x: All versions from 9.0.0 up to and including 9.1.9, all versions from 9.2.0 up to and including 9.2.3

CVE-2026-0531
This vulnerability allows an attacker that is authenticated and has low-level privileges equivalent to the viewer role, which grants read access to agent policies, to make Kibana perform redundant database retrieval operations that consume system resources by sending a specially crafted bulk retrieval request, leading to a crash of the server and complete unavailability.

Impacted versions:

  • 7.x: All versions from 7.10.0 up to and including 7.17.29
  • 8.x: All versions from 8.0.0 up to and including 8.19.9
  • 9.x: All versions from 9.0.0 up to and including 9.1.9, all versions from 9.2.0 up to and including 9.2.3
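As an added example that is not part of the CCB advisory, the following Python triage helper encodes the four impacted ranges listed above and reports which CVEs apply to a given Kibana version. The fixed releases 8.19.10, 9.1.10 and 9.2.4 are assumed from the Elastic advisory URLs in the Sources section; the page names no fixed 7.x release, so 7.x instances are only flagged as affected. Hostnames in the sample inventory are constructed.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

def parse_version(text: str) -> Version:
    """Parse a Kibana release string such as '8.19.9' (a '-SNAPSHOT' suffix is ignored)."""
    parts = text.strip().split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Kibana release version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

# Inclusive (first, last) impacted ranges, copied from the advisory text.
R7 = ((7, 10, 0), (7, 17, 29))
R8 = ((8, 0, 0), (8, 19, 9))
R91 = ((9, 0, 0), (9, 1, 9))
R92 = ((9, 2, 0), (9, 2, 3))
IMPACTED: Dict[str, list] = {
    "CVE-2026-0532": [R8, R91, R92],      # Gemini connector SSRF/file read: no 7.x range
    "CVE-2026-0543": [R7, R8, R91, R92],  # crafted email parameter, resource exhaustion
    "CVE-2026-0530": [R7, R8, R91, R92],  # redundant processing, service degradation
    "CVE-2026-0531": [R7, R8, R91, R92],  # bulk agent-policy retrieval, server crash
}

def affected_cves(version: str) -> List[str]:
    """Return the CVEs from this advisory whose impacted ranges contain the version."""
    v = parse_version(version)
    return [cve for cve, ranges in IMPACTED.items()
            if any(lo <= v <= hi for lo, hi in ranges)]

def fixed_release(v: Version) -> Optional[Version]:
    """Fixed release on the same line, assumed from the Sources URLs (8.19.10, 9.1.10, 9.2.4).
    The advisory names no fixed 7.x release, so 7.x returns None."""
    if v[0] == 8:
        return (8, 19, 10)
    if v[0] == 9:
        return (9, 2, 4) if v[1] >= 2 else (9, 1, 10)
    return None

def assess(version: str) -> dict:
    """Triage one instance: which CVEs apply and which release closes them."""
    v = parse_version(version)
    cves = affected_cves(version)
    fix = fixed_release(v) if cves else None
    return {"version": version, "affected": bool(cves), "cves": cves,
            "upgrade_to": ".".join(map(str, fix)) if fix else None}

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames, not from the advisory).
    inventory = {"kibana-prod-01": "8.19.9", "kibana-legacy": "7.17.29", "kibana-new": "9.2.4"}
    for host, ver in inventory.items():
        print(host, assess(ver))
```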

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0532
https://nvd.nist.gov/vuln/detail/CVE-2026-0543
https://nvd.nist.gov/vuln/detail/CVE-2026-0530
https://nvd.nist.gov/vuln/detail/CVE-2026-0531