Incorrect authorization in Elastic Defend - CVE-2026-56152

 

Incorrect authorization in Elastic Defend - CVE-2026-56152

Published: July 2, 2026


Vulnerability identifier: #VU136673
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-56152
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Elastic Stack
Affected software:
Elastic Defend

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to incorrect authorization in Elastic Defend response actions when accessing response action data. A remote user can access response action data they are not authorized to view to disclose sensitive information.

Only deployments that use Elastic Defend response actions are vulnerable.


How to mitigate CVE-2026-56152

Install security update from vendor's website.

Sources