SB2026070210 - Incorrect authorization in Elastic Defend
Published: July 2, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect authorization (CVE-ID: CVE-2026-56152)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to incorrect authorization in Elastic Defend response actions when accessing response action data. A remote user can access response action data they are not authorized to view and thereby disclose sensitive information.
Only deployments that use Elastic Defend response actions are vulnerable.
Remediation
Install the update from the vendor's website.