Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-56151

Improper Input Validation in Kibana Leading to Denial of Service_CVE-2026-56151

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can sub...

Elastic Kibana 9.0.0 CVE
MEDIUM 6.5 CVE-2026-56150

Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service_CVE-2026-56150

Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130)...

Elastic Fleet Server 9.0.0 CVE
MEDIUM 4.9 CVE-2026-56149

Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service_CVE-2026-56149

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130...

Elastic Elasticsearch 9.4.0 CVE
MEDIUM 6.5 CVE-2026-56148

Uncontrolled Recursion in Elasticsearch Leading to Denial of Service_CVE-2026-56148

Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can s...

Elastic Elasticsearch 9.4.0 CVE
HIGH 7.5 CVE-2026-54399

Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration_CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earl...

Apache Software Foundation Apache HttpComponents Core 5.5-alpha CVE
MEDIUM 4.4 CVE-2026-49088

Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure_CVE-2026-49088

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance ...

Elastic Kibana 8.0.0 CVE
MEDIUM 6.5 CVE-2026-49087

Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service_CVE-2026-49087

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An a...

Elastic Kibana 9.0.0 CVE
CRITICAL 9.3 CVE-2026-34117

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text_to_subtitles.php_CVE-2026-34117

Guardian language-system passes the id GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization: exec(...

guardian language-system CVE
CRITICAL 9.3 CVE-2026-34116

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe.php_CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe.php (line 15) without sanitization: exec("php j...

guardian language-system CVE
CRITICAL 9.3 CVE-2026-34115

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe_amazon.php_CVE-2026-34115

Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization: exec(...

guardian language-system CVE