CVE Catalog

CVE-2026-49091

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

CWE-117 vulnerability in Kibana allows injection of unsanitized data into logs. An attacker can supply specially crafted input that is written to log files without proper neutralization. When logs are viewed in a terminal that interprets control sequences, the injected content may alter the displayed log data.

Risk Assessment

The risk involves potential log manipulation, which can hide attack traces, mislead administrators, or falsify security events. This may hinder incident detection and analysis.

Recommendation

Update Kibana to a patched version. Additionally, implement output neutralization mechanisms for logs and use secure terminals for log viewing.

Original NVD description (English source)

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal that interprets control sequences, the injected content may alter the displayed log data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS