プラットフォーム
other
コンポーネント
kibana-google-gemini-connector
修正版
8.19.10
9.1.10
9.2.4
CVE-2026-0532 is a Server-Side Request Forgery (SSRF) vulnerability discovered in the Kibana Google Gemini Connector. This flaw allows an attacker to trigger arbitrary file disclosure by crafting a malicious credentials JSON payload within the connector configuration. The vulnerability impacts Kibana versions 8.15.0 through 9.2.3, and a fix is available in version 8.19.10.
The SSRF vulnerability in the Kibana Google Gemini Connector enables an attacker with sufficient privileges to create or modify connectors to trigger arbitrary file reads on the server. By manipulating the credentials JSON payload, an attacker can craft requests that bypass intended security controls and access sensitive files. This could lead to the exposure of configuration files, internal documents, or other confidential data stored on the Kibana server. The potential blast radius extends to any data accessible by the Kibana server's file system, depending on the attacker's privileges and the server's configuration.
CVE-2026-0532 was publicly disclosed on 2026-01-14. No public proof-of-concept (POC) code has been released at the time of writing. The EPSS score is pending evaluation. This vulnerability does not appear to be listed on the CISA KEV catalog as of this date.
Organizations utilizing the Kibana Google Gemini Connector, particularly those with lax access controls on connector creation and modification privileges, are at significant risk. Shared hosting environments where multiple users can create connectors are also particularly vulnerable.
• linux / server:
journalctl -u kibana | grep -i "gemini connector"• generic web:
curl -I 'http://your-kibana-url/api/connectors' | grep -i 'server' # Check for unusual server headersdisclosure
エクスプロイト状況
EPSS
0.04% (13% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2026-0532 is to upgrade Kibana to version 8.19.10 or later. If immediate upgrading is not possible, restrict access to connector creation and modification functionalities to authorized users only. Implement strict input validation on all connector configuration data, specifically scrutinizing the credentials JSON payload for malicious patterns. Consider using a Web Application Firewall (WAF) to filter out potentially malicious requests targeting the connector endpoint. After upgrading, confirm the fix by attempting to create a connector with a crafted payload designed to trigger the SSRF vulnerability; the request should be rejected.
Kibana をバージョン 8.19.10、9.1.10、または 9.2.4 以降にアップデートしてください。 これらのバージョンには、この脆弱性の修正が含まれています。 アップデートにより、任意のファイルディスクロージャと SSRF 攻撃のリスクが軽減されます。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-0532 is a HIGH severity SSRF vulnerability affecting Kibana's Google Gemini Connector, allowing arbitrary file disclosure through crafted payloads.
If you are using Kibana versions 8.15.0 through 9.2.3 and have the Google Gemini Connector installed, you are potentially affected by this vulnerability.
Upgrade Kibana to version 8.19.10 or later to remediate the vulnerability. Restrict connector creation/modification access as an interim measure.
As of the current date, there are no confirmed reports of active exploitation of CVE-2026-0532, but vigilance is advised.
Refer to the official Elastic security advisory for CVE-2026-0532 on the Elastic website for detailed information and updates.