Platform
other
Component
kibana-google-gemini-connector
Opgelost in
8.19.10
9.1.10
9.2.4
CVE-2026-0532 is a Server-Side Request Forgery (SSRF) vulnerability discovered in the Kibana Google Gemini Connector. This flaw allows an attacker to trigger arbitrary file disclosure by crafting a malicious credentials JSON payload within the connector configuration. The vulnerability impacts Kibana versions 8.15.0 through 9.2.3, and a fix is available in version 8.19.10.
The SSRF vulnerability in the Kibana Google Gemini Connector enables an attacker with sufficient privileges to create or modify connectors to trigger arbitrary file reads on the server. By manipulating the credentials JSON payload, an attacker can craft requests that bypass intended security controls and access sensitive files. This could lead to the exposure of configuration files, internal documents, or other confidential data stored on the Kibana server. The potential blast radius extends to any data accessible by the Kibana server's file system, depending on the attacker's privileges and the server's configuration.
CVE-2026-0532 was publicly disclosed on 2026-01-14. No public proof-of-concept (POC) code has been released at the time of writing. The EPSS score is pending evaluation. This vulnerability does not appear to be listed on the CISA KEV catalog as of this date.
Organizations utilizing the Kibana Google Gemini Connector, particularly those with lax access controls on connector creation and modification privileges, are at significant risk. Shared hosting environments where multiple users can create connectors are also particularly vulnerable.
• linux / server:
journalctl -u kibana | grep -i "gemini connector"• generic web:
curl -I 'http://your-kibana-url/api/connectors' | grep -i 'server' # Check for unusual server headersdisclosure
Exploit Status
EPSS
0.04% (13% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-0532 is to upgrade Kibana to version 8.19.10 or later. If immediate upgrading is not possible, restrict access to connector creation and modification functionalities to authorized users only. Implement strict input validation on all connector configuration data, specifically scrutinizing the credentials JSON payload for malicious patterns. Consider using a Web Application Firewall (WAF) to filter out potentially malicious requests targeting the connector endpoint. After upgrading, confirm the fix by attempting to create a connector with a crafted payload designed to trigger the SSRF vulnerability; the request should be rejected.
Werk Kibana bij naar versie 8.19.10, 9.1.10 of 9.2.4 of hoger. Deze versies bevatten de correctie voor de kwetsbaarheid. De update zal het risico op willekeurige bestandsbekendmaking en SSRF-aanvallen verminderen.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2026-0532 is a HIGH severity SSRF vulnerability affecting Kibana's Google Gemini Connector, allowing arbitrary file disclosure through crafted payloads.
If you are using Kibana versions 8.15.0 through 9.2.3 and have the Google Gemini Connector installed, you are potentially affected by this vulnerability.
Upgrade Kibana to version 8.19.10 or later to remediate the vulnerability. Restrict connector creation/modification access as an interim measure.
As of the current date, there are no confirmed reports of active exploitation of CVE-2026-0532, but vigilance is advised.
Refer to the official Elastic security advisory for CVE-2026-0532 on the Elastic website for detailed information and updates.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.