{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4799", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "state": "PUBLISHED", "assignerShortName": "floragunn", "dateReserved": "2026-03-25T08:43:23.387Z", "datePublished": "2026-03-31T14:41:05.646Z", "dateUpdated": "2026-03-31T17:20:02.797Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:41:05.646Z"}, "title": "Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests", "datePublic": "2026-03-31T10:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-601", "description": "CWE-601 URL redirection to untrusted site ('open redirect')", "type": "CWE"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "lessThanOrEqual": "4.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."}]}], "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:19:54.253854Z", "id": "CVE-2026-4799", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:20:02.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T17:19:54.253854Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:19:58.969Z"}}], "cna": {"title": "Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-31T10:00:00.000Z", "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.", "supportingMedia": [{"type": "text/html", "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL redirection to untrusted site ('open redirect')"}]}], "providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:41:05.646Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4799", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:20:02.797Z", "dateReserved": "2026-03-25T08:43:23.387Z", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "datePublished": "2026-03-31T14:41:05.646Z", "assignerShortName": "floragunn"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:search-guard:flx:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C65AC7E-E982-4294-A251-29C6906A2937", "versionEndExcluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL."}], "id": "CVE-2026-4799", "lastModified": "2026-04-03T15:20:31.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@search-guard.com", "type": "Secondary"}]}, "published": "2026-03-31T15:16:21.137", "references": [{"source": "security@search-guard.com", "tags": ["Release Notes"], "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}, {"source": "security@search-guard.com", "tags": ["Vendor Advisory"], "url": "https://search-guard.com/cve-advisory/"}], "sourceIdentifier": "security@search-guard.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@search-guard.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,4.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Search Guard FLX", "source": "cna", "vendor": "floragunn"}, "product": "search_guard_flx", "vendor": "floragunn"}], "analysis": {"en": {"generated_at": "2026-04-03T17:52:08.177894+00:00", "value": {"mitigation_remediation": ["Upgrade Search Guard FLX to version 4.1.0 or later", "Verify that redirect URLs are no longer accepted by performing a test request", "If an immediate upgrade is not feasible, configure network firewalls or reverse proxy rules to block redirects to untrusted domains"], "summary": {"action": "Patch", "impact": "Open Redirect"}, "threat_synthesis": {"affected_systems": "Affected product is Search Guard FLX (floragunn), a Kibana plugin. Versions through 4.0.1 include the issue. Version 4.1.0 and later contain the fix. The product is available for all platforms per the CPE entry.", "description_and_impact": "The flaw permits attackers to craft requests that redirect users to any external URL. This open redirect flaw is identified as CWE\u2011601. While the vulnerability does not provide code execution or direct data exfiltration, it can be used to steer users to malicious sites, potentially resulting in phishing or credential phishing.", "risk_and_exploitability": "CVSS score 4.3 indicates moderate severity. EPSS below 1\u202f% suggests low exploitation likelihood in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that authentication is not required to trigger the redirect; any client that can reach the Search Guard\u2011protected Kibana instance may craft the malicious request. Consequently, the potential attack surface is broad. Exploitation requires only sending a crafted request, which can be performed via a web browser or automated tools once the target URL is exposed."}}}}, "created": "2026-03-31T19:54:20.121706+00:00", "updated": "2026-04-03T21:17:42.118123+00:00", "vendors": ["floragunn", "floragunn$PRODUCT$search_guard_flx"]}