Some management operations on data streams are not properly restricted...

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

Basic Information

ID CVE-2026-4818

Source floragunn

Published Mar 31, 2026 at 14:53

Modified Mar 31, 2026 at 17:23

Affected Product

Vendor floragunn

Product Search Guard FLX

Version 3.0.0

Affected Versions floragunn Search Guard FLX 3.0.0

CWE Classification

CWE-285 CWE-862

References

{
    "lastseen": "",
    "description": "In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.",
    "published": "2026-03-31T14:53:19.875Z",
    "modified": "2026-03-31T17:23:23.853Z",
    "type": "cve",
    "title": "Some management operations on data streams are not properly restricted when user does not have the necessary privileges",
    "source": "floragunn",
    "references": "https://search-guard.com/cve-advisory/\nhttps://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0",
    "id": "CVE-2026-4818",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "floragunn Search Guard FLX 3.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Search Guard FLX",
    "version": "3.0.0",
    "vendor": "floragunn",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Some management operations on data streams are not properly restricted when user does not have the necessary privileges_CVE-2026-4818