CVE-2026-49095: Kibana Fleet Privilege Escalation via Agent Policy Input Validation Bypass
CVE-2026-49095 is a privilege escalation vulnerability in Elastic Kibana's Fleet agent policy management. An authenticated user with Fleet management permissions can manipulate how agent policies are configured in a way that bypasses input validation. This manipulation tricks Elastic Agents into receiving API keys with permissions beyond what they should have, potentially allowing unauthorized access to Elasticsearch security indices. The vulnerability requires an authenticated attacker with existing Fleet management privileges, limiting the immediate blast radius but posing a significant insider risk to organizations managing large agent fleets.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Weaknesses (CWE)
- CWE-20
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequately validated. An attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, potentially granting unauthorized read and write access to sensitive Elasticsearch security indices beyond what is intended for the Fleet management role.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The flaw exists in Kibana's Fleet feature due to improper input validation (CWE-20) in the agent policy configuration override mechanism. An authenticated user with Fleet management privileges can inject malicious values into this mechanism. Because these inputs are not adequately validated, the injected configuration reaches Elastic Agents, which then request API keys from Elasticsearch based on the tampered policy. The resulting API keys are issued with elevated Elasticsearch privileges that exceed the intended scope of the Fleet management role, potentially granting read and write access to Elasticsearch security indices that should remain protected. This is a horizontal privilege escalation within Elasticsearch itself, mediated through compromised agent policies.
Business impact
Organizations relying on Kibana Fleet to manage distributed Elastic Agents face a risk of unauthorized data access and modification. A malicious or compromised internal user with Fleet management privileges could escalate their access to security-sensitive Elasticsearch indices without legitimate authorization. This could lead to exposure of security logs, audit trails, and other sensitive operational data, or unauthorized modification of Elasticsearch security configurations. The impact is particularly acute in multi-tenant or heavily regulated environments where Elasticsearch holds compliance-critical or customer-sensitive information.
Affected systems
Elastic Kibana is affected by this vulnerability. The issue manifests in the Fleet agent policy management feature, so organizations using Kibana Fleet to manage Elastic Agents are at risk. Any deployment where Fleet management roles are assigned to users or service accounts requires remediation. Verify against the official Elastic advisory for specific affected Kibana versions and supported patch versions.
Exploitability
Exploitation requires valid credentials and an authenticated session with Fleet management privileges. The attack surface is constrained to users or service accounts already granted Fleet management permissions. The network accessibility is straightforward (AV:N), no special conditions or timing are required (AC:L), and the action is deterministic once executed. However, the requirement for pre-existing privileged credentials (PR:H) significantly limits the attack scope to insiders or compromised accounts with legitimate Fleet management access. This makes it unsuitable as a worm vector but highly relevant as an insider threat or lateral movement technique post-compromise.
Remediation
Apply the security patch released by Elastic for this vulnerability. Verify the specific patched versions against the official Elastic security advisory. Additionally, implement the principle of least privilege by auditing which users and service accounts have been granted Fleet management permissions. Restrict Fleet management access to only those operators who require it for their operational duties. Monitor for suspicious agent policy modifications, and consider implementing change approval workflows for sensitive policy updates.
Patch guidance
Obtain and deploy the patched Kibana version from Elastic. The patch implements proper input validation in the agent policy configuration override mechanism to prevent injection attacks. Coordinate patching with your Elastic stack deployment strategy; if running Kibana in a highly available configuration, apply patches during scheduled maintenance windows to ensure service continuity. Verify that all Elastic Agents reconnect and re-request API keys after the patched Kibana is deployed, ensuring agents receive properly scoped credentials.
Detection guidance
Monitor Kibana audit logs for unusual modifications to Fleet agent policies, particularly those that alter configuration override values in unexpected ways. Look for agent policy changes initiated by users with Fleet management permissions outside normal maintenance windows or by users who rarely modify policies. On the Elasticsearch side, monitor for API key creation events associated with Fleet-generated requests that contain elevated permissions or scope unexpected security indices. Alert on any API keys issued to agents with permissions that exceed the baseline expected for Fleet agents in your environment.
Why prioritize this
Although the CVSS 3.1 score is 6.5 (MEDIUM), this vulnerability warrants prioritization because it enables privilege escalation within a sensitive component (Elasticsearch security indices) and exploits an internal trust boundary. It is not currently listed in CISA's KEV catalog, but the insider/lateral movement risk is significant. Organizations should prioritize patching based on the sensitivity of data stored in their Elasticsearch instances and the number of users with Fleet management privileges. High-risk deployments (those holding PII, security logs, or compliance-critical data) should patch urgently despite the MEDIUM score.
Risk score, explained
The CVSS 3.1 score of 6.5 reflects a MEDIUM severity rating. The score accounts for network accessibility (AV:N) and low attack complexity (AC:L), but is substantially reduced by the requirement for high-level authenticated privileges (PR:H). The impact is high for confidentiality and integrity (C:H/I:H), but availability is not impacted (A:N), further moderating the score. Organizations storing highly sensitive or regulated data in Elasticsearch should consider the contextual risk higher than the base score suggests, as unauthorized access to security indices could have significant compliance and operational consequences.
Frequently asked questions
Can this vulnerability be exploited by users without Fleet management privileges?
No. The vulnerability requires an authenticated session with Fleet management privileges. Users with only general Kibana access or lower privilege levels cannot exploit this flaw. However, any compromise of an account with Fleet management permissions effectively grants the attacker this capability.
Does this affect all Elastic Agents or only those using Fleet?
Only Elastic Agents managed through Kibana Fleet are at risk. Agents configured manually or through other methods are not affected. The vulnerability requires the agent policy to be delivered and managed through Kibana Fleet.
What is the difference between this vulnerability and a direct Elasticsearch privilege escalation?
This is not a vulnerability in Elasticsearch itself, but rather in Kibana's validation of Fleet policy configurations. The vulnerability uses Kibana as the attack vector to cause Elasticsearch to issue incorrectly scoped API keys. Patching Kibana addresses the root cause; patching Elasticsearch alone would not prevent this attack.
Should we revoke all existing Fleet-managed API keys after patching?
Not necessarily, but it is a best practice to audit API keys and their scopes following patching. If you suspect exploitation occurred before patching, or if you want to ensure a clean state post-patch, revoking and regenerating Fleet-managed API keys will force Elastic Agents to request new, properly scoped credentials from the patched Kibana instance.
This analysis is based on the vulnerability description and CVSS rating provided as of the publication date. Specific patch version numbers, affected Kibana versions, and detailed remediation steps should be verified against the official Elastic security advisory. SEC.co does not endorse any specific patch deployment timeline; prioritization should be based on your organization's risk tolerance, data sensitivity, and operational constraints. This vulnerability does not appear in CISA's KEV catalog as of the analysis date; organizations should continue to monitor for any updates to that status. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-0018MEDIUMAndroid AccessibilityManagerService Denial of Service Vulnerability
- CVE-2026-0051MEDIUMAndroid UBSan Runtime Denial of Service Vulnerability
- CVE-2026-0070MEDIUMAndroid DevicePolicyManagerService Local Denial of Service Vulnerability
- CVE-2026-0085MEDIUMAndroid Contact Handler Denial of Service Vulnerability
- CVE-2026-10004MEDIUMChrome UI Spoofing Vulnerability – Password Dialog Hijacking
- CVE-2026-10566MEDIUMMetaGPT Local Deserialization Vulnerability Exploit Available
- CVE-2026-10912MEDIUMChrome Extension Same-Origin Policy Bypass (CVSS 6.5)
- CVE-2026-10916MEDIUMChrome DevTools UXSS Vulnerability