SB2026070213 - Improper Output Neutralization for Logs in Kibana
Published: July 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Output Neutralization for Logs (CVE-ID: CVE-2026-49091)
CWE-ID: CWE-117 - Improper Output Neutralization for Logs
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to alter displayed log data and disclose sensitive information.
The vulnerability exists due to improper output neutralization for logs in Kibana log files when processing specially crafted input that is written to logs and later viewed in a terminal that interprets control sequences. A remote user can supply specially crafted input to alter displayed log data and disclose sensitive information.
User interaction is required to view the affected log files in a terminal that interprets control sequences.
Remediation
Install update from vendor's website.