Improper Output Neutralization for Logs in Kibana - CVE-2026-49091
Published: July 2, 2026
Kibana
Detailed vulnerability description
The vulnerability allows a remote user to alter displayed log data and disclose sensitive information.
The vulnerability exists due to improper output neutralization for logs in Kibana log files when processing specially crafted input that is written to logs and later viewed in a terminal that interprets control sequences. A remote user can supply specially crafted input to alter displayed log data and disclose sensitive information.
User interaction is required to view the affected log files in a terminal that interprets control sequences.