CVE-2026-4818

Published: Mar 31, 2026Modified: Apr 3, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

Affected (1)

Products: Search Guard: Flx

Search Guard

1 product

Flx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Search Guard Flx	From 3.0.0 to 4.1.0

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0

Source: security@search-guard.com

Release Notes

https://search-guard.com/cve-advisory/

Source: security@search-guard.com

Vendor Advisory

Timeline

No history available yet.