Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.
History

Wed, 01 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.
Title Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-07-01T17:25:07.634Z

Reserved: 2026-05-27T11:31:33.582Z

Link: CVE-2026-49088

cve-icon Vulnrichment

Updated: 2026-07-01T17:20:44.755Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.