{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4818", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "state": "PUBLISHED", "assignerShortName": "floragunn", "dateReserved": "2026-03-25T13:44:35.684Z", "datePublished": "2026-03-31T14:53:19.875Z", "dateUpdated": "2026-03-31T17:23:23.853Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:53:19.875Z"}, "title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges", "datePublic": "2026-03-31T10:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-285", "description": "CWE-285", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862", "type": "CWE"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "3.0.0", "lessThanOrEqual": "4.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."}]}], "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:23:12.638976Z", "id": "CVE-2026-4818", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:23.853Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4818", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T17:23:12.638976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:18.597Z"}}], "cna": {"title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-31T10:00:00.000Z", "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.", "supportingMedia": [{"type": "text/html", "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862"}]}], "providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:53:19.875Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4818", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:23:23.853Z", "dateReserved": "2026-03-25T13:44:35.684Z", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "datePublished": "2026-03-31T14:53:19.875Z", "assignerShortName": "floragunn"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams."}], "id": "CVE-2026-4818", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@search-guard.com", "type": "Secondary"}]}, "published": "2026-03-31T16:16:34.580", "references": [{"source": "security@search-guard.com", "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}, {"source": "security@search-guard.com", "url": "https://search-guard.com/cve-advisory/"}], "sourceIdentifier": "security@search-guard.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-862"}], "source": "security@search-guard.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,4.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Search Guard FLX", "source": "cna", "vendor": "floragunn"}, "product": "search_guard_flx", "vendor": "floragunn"}], "analysis": {"en": {"generated_at": "2026-03-31T17:26:14.750305+00:00", "value": {"mitigation_remediation": ["Check Floragunn documentation for a fixed release; if a newer version that addresses this flaw exists, upgrade the Search Guard FLX installation to that release.", "If an upgrade cannot be performed immediately, enforce stricter role permissions so that non\u2011trusted accounts cannot use data\u2011stream management APIs, and review cluster settings to limit exposure.", "Monitor cluster logs for unauthorized data\u2011stream management activity and audit configuration changes to detect potential abuse."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation via Unauthorized Data-Stream Operations"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the Floragunn Search Guard FLX product in releases from 3.0.0 up to and including 4.0.1. Administrators should confirm whether their deployments run one of these impacted versions.", "description_and_impact": "Search Guard FLX versions 3.0.0 through 4.0.1 lack proper privilege checks for certain data-stream management operations. This weakness allows a user without the required permissions to execute these operations, potentially altering data-stream configurations and exposing confidential information. The flaw arises from missing or incorrect authorization controls (CWE\u2011285) and improper role-based access control (CWE\u2011862).", "risk_and_exploitability": "The CVSS base score is 6.8, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting limited publicly known exploitation. The likely attack vector would involve sending management requests through exposed cluster\u2011management APIs or command interfaces that are reachable over the network. An attacker needs only network access to those endpoints and authentication to the cluster; if the credentials lack the required privileges, the service still performs the requested operation."}}}}, "created": "2026-03-31T19:54:18.281155+00:00", "updated": "2026-03-31T20:38:13.608885+00:00", "vendors": ["floragunn", "floragunn$PRODUCT$search_guard_flx"]}