SecAlerts
CVE ListPricingSign Up
Elastic logo

Elastic

Security Risk Profile

40
/100
medium

Security Risk Score

Comprehensive risk assessment based on 308 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 9, 2013 to present

308
Total CVEs
103
Critical+High
3
Exploited
70
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
70
Critical/High
Risk Level
40/100
medium
⚠️ 3 Active Exploits📈 10 in Last 30 Days

Severity Distribution

Critical
21
High
82
Medium
134
Low
5

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
16

Age Distribution

Common Weaknesses (CWE)

1
XSS
30
2
Infoleak
25
3
Code Injection
11
4
SSRF
8
5
Path Traversal
8

Most Affected Products

1. Elastic Kibana358
2. Elastic Elasticsearch108
3. Elastic Logstash67
4. Elastic X-Pack44
5. maven/org.elasticsearch:elasticsearch36

Recent Vulnerabilities

See more →
CVE-2026-49093
CVSS 7.7high

Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

5/28/2026🔧 No Patch
CVE-2026-49094
CVSS 6.5medium

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

5/28/2026🔧 No Patch
CVE-2026-49095
CVSS 7.2high

Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

5/28/2026🔧 No Patch
CVE-2026-42398
CVSS 7.7high

Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

5/28/2026🔧 No Patch
CVE-2026-42399
CVSS 6.5medium

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

5/28/2026🔧 No Patch
CVE-2026-42400
CVSS 6.5medium

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

5/28/2026🔧 No Patch
CVE-2026-42401
CVSS 5.4medium

Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

5/28/2026🔧 No Patch
CVE-2026-33463
CVSS 5.3medium

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

5/28/2026🔧 No Patch
CVE-2026-33464
CVSS 6.5medium

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

5/28/2026🔧 No Patch
CVE-2026-33462
CVSS 7.3high

Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts

5/28/2026🔧 No Patch

Monitor Elastic in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

Elastic Security Vulnerabilities & Risk Score | 308 CVEs | SecAlerts - SecAlerts