{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4819", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "state": "PUBLISHED", "assignerShortName": "floragunn", "dateReserved": "2026-03-25T13:44:37.576Z", "datePublished": "2026-03-31T14:57:56.792Z", "dateUpdated": "2026-03-31T17:23:46.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:57:56.792Z"}, "title": "Search Guard audit logs can contain under certain conditions user credentials", "datePublic": "2026-03-31T10:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522", "type": "CWE"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "lessThanOrEqual": "4.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."}]}], "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:23:37.990130Z", "id": "CVE-2026-4819", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:46.025Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T17:23:37.990130Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:23:42.774Z"}}], "cna": {"title": "Search Guard audit logs can contain under certain conditions user credentials", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "floragunn", "product": "Search Guard FLX", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-31T10:00:00.000Z", "references": [{"url": "https://search-guard.com/cve-advisory/"}, {"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "supportingMedia": [{"type": "text/html", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522"}]}], "providerMetadata": {"orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn", "dateUpdated": "2026-03-31T14:57:56.792Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4819", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:23:46.025Z", "dateReserved": "2026-03-25T13:44:37.576Z", "assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "datePublished": "2026-03-31T14:57:56.792Z", "assignerShortName": "floragunn"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."}], "id": "CVE-2026-4819", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@search-guard.com", "type": "Secondary"}]}, "published": "2026-03-31T16:16:34.730", "references": [{"source": "security@search-guard.com", "url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"}, {"source": "security@search-guard.com", "url": "https://search-guard.com/cve-advisory/"}], "sourceIdentifier": "security@search-guard.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-532"}], "source": "security@search-guard.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,4.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Search Guard FLX", "source": "cna", "vendor": "floragunn"}, "product": "search_guard_flx", "vendor": "floragunn"}], "analysis": {"en": {"generated_at": "2026-03-31T16:50:35.096593+00:00", "value": {"mitigation_remediation": ["Upgrade Search Guard FLX to version 4.1.0 or later, as specified in the official changelog.", "Verify that audit logging no longer records user credentials after the upgrade.", "Restrict file system permissions on audit log files so that only authorized administrators can read them."], "summary": {"action": "Apply Patch", "impact": "Credential disclosure via audit logs"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of Search Guard FLX from version 1.0.0 up to and including 4.0.1, regardless of operating system. Environments that deploy Kibana with Search Guard FLX are at risk until the software is upgraded to a version released after 4.0.1.", "description_and_impact": "Search Guard FLX\u2019s audit logging feature may record user credentials when users authenticate to Kibana in versions 1.0.0 through 4.0.1. This flaw results in accidental exposure of usernames and passwords in log files, mapping to CWE-522 and CWE-532, and represents an inappropriate storage and excessive logging of sensitive data. An attacker who can read these logs could obtain login credentials and use them to further compromise the system.", "risk_and_exploitability": "The CVSS base score of 4.9 indicates a moderate severity. The likely attack vector is local or remote read access to the audit log files, which can be achieved by a user with sufficient file\u2011system permissions or by an attacker who has compromised the host. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting that exploitation has not been widely observed. Nevertheless, because compromised credentials can lead to broader system compromise, administrators should treat this as a priority risk."}}}}, "created": "2026-03-31T19:54:16.466106+00:00", "updated": "2026-03-31T20:38:12.582406+00:00", "vendors": ["floragunn", "floragunn$PRODUCT$search_guard_flx"]}