SB2026070210 - Incorrect authorization in Elastic Defend



Published: July 2, 2026

Security Bulletin ID: SB2026070210
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect authorization (CVE-ID: CVE-2026-56152)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to incorrect authorization in Elastic Defend response actions when accessing response action data. A remote user can access response action data they are not authorized to view, which results in disclosure of sensitive information.

Only deployments that use Elastic Defend response actions are vulnerable.


Remediation

Install the update from the vendor's website.