Kibana Workflows Template Injection Enables SSRF and Arbitrary File Read (CVE-2026-26938)
Elastic disclosed CVE-2026-26938, a high-severity (CVSS 8.6) issue in Kibana Workflows caused by improper neutralization of special elements in a template engine (CWE-1336). The flaw can enable code injection (CAPEC-242) that allows server-side request forgery (SSRF) and arbitrary file read from the Kibana server filesystem when the vulnerable workflow execution path is reached.
The issue is fixed in Kibana 9.3.1 (ESA-2026-17). Exploitation requires an authenticated user with the workflowsManagement:executeWorkflow privilege; the Workflows feature is off by default (technical preview in 9.3.0) and must be explicitly enabled in Advanced Settings, reducing exposure in default deployments. For organizations that cannot immediately upgrade, Elastic recommends disabling Workflows; Elastic also noted its Elastic Cloud Serverless offering was remediated prior to public disclosure under its continuous patching model.
Timeline
Apr 8, 2026
Elastic publishes Kibana 8.19.14, 9.2.8, and 9.3.3 security update
Elastic published security advisory ESA-2026-21 announcing Kibana versions 8.19.14, 9.2.8, and 9.3.3. This is a new vendor security update disclosed after the earlier ESA-2026-17 advisory.
Feb 26, 2026
CVE-2026-26938 is assigned and publicly listed
CVE-2026-26938 was publicly listed as an improper neutralization flaw in Kibana Workflows. The entry described the issue's impact, including arbitrary file read and SSRF, and referenced Elastic's ESA-2026-17 advisory.
Feb 26, 2026
Elastic publishes Kibana 9.3.1 security update for CVE-2026-26938
Elastic published security advisory ESA-2026-17 announcing Kibana 9.3.1 to address CVE-2026-26938, a Kibana Workflows template engine flaw. The vulnerability could let an authenticated user with workflowsManagement:executeWorkflow privileges read arbitrary files and perform server-side request forgery via code injection.
Related Stories
Elastic Stack Patches High-Severity Kibana SSRF/File Disclosure and Elasticsearch LZ4 Information Disclosure
Elastic issued security updates for *Elasticsearch* and *Kibana* (8.19.10, 9.1.10, 9.2.4) to address multiple vulnerabilities, including two high-severity issues with significant data-exposure risk. In Kibana, **CVE-2026-0532** (CVSS 8.6) affects the **Google Gemini connector** and combines *SSRF* with *external control of file name/path* to enable **arbitrary file disclosure** and arbitrary outbound network requests via a specially crafted `credentials` JSON payload; exploitation requires authenticated access with privileges to create or modify connectors. Elasticsearch addressed an **information disclosure** flaw in the **yawkat LZ4 Java** decompressor (**CVE-2025-66566**) that can leak prior buffer contents when an attacker sends specially crafted compressed input over the transport layer; affected versions span 7.14.0–7.17.29, 8.0.0–8.19.9, and 9.0.0–9.2.3. Elastic recommended upgrading to the fixed releases and provided mitigations for those unable to patch immediately, including switching `transport.compression_scheme` to `deflate` or disabling transport compression (`transport.compress: false`), while Kibana users can mitigate by disabling the vulnerable connector type via `xpack.actions.enabledActionTypes` configuration; Elastic Cloud Serverless was reported as remediated prior to public disclosure.
1 month ago
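The interim mitigations named in that story, written out as an added example (constructed here, not taken from Elastic's advisory) in `elasticsearch.yml` and `kibana.yml`. The set of connector types left enabled is an assumption to adapt to your own deployment, and the `.gemini` type ID should be confirmed against the connector list of the Kibana version in use.

```yaml
# elasticsearch.yml (constructed example)
# Weak setting: the defaults in recent releases compress indexing traffic with the
# LZ4 scheme, which routes through the decompressor affected by CVE-2025-66566.
# transport.compress: indexing_data
# transport.compression_scheme: lz4
#
# Mitigation option A: keep compression but switch the scheme to deflate.
transport.compress: indexing_data
transport.compression_scheme: deflate
#
# Mitigation option B: turn transport compression off entirely.
# transport.compress: false
---
# kibana.yml (constructed example)
# Weak setting: the default allowlist enables every connector type, including the
# Google Gemini connector affected by CVE-2026-0532.
# xpack.actions.enabledActionTypes: ["*"]
#
# Mitigation: an explicit allowlist that omits the Gemini connector type.
# ".gemini" is assumed to be its type ID; verify against your Kibana version.
# The types listed are an assumed set for this deployment; adjust to yours.
xpack.actions.enabledActionTypes:
  - ".email"
  - ".slack"
  - ".webhook"
  - ".index"
  - ".server-log"
```

Both settings require a restart of the respective service, and any existing Gemini connectors will fail to execute once their type is no longer on the allowlist, which is the intended effect until the fixed release is deployed.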
Critical RCE Vulnerability in Elastic Cloud Enterprise via Jinjava Template Injection
Elastic Cloud Enterprise (ECE) was found to contain a critical remote code execution (RCE) vulnerability, identified as CVE-2025-37729, which carries a CVSS score of 9.1, indicating its high severity. The flaw arises from improper neutralization of special elements in the Jinjava template engine, a component used within ECE’s configuration templates. Attackers with administrative access can exploit this vulnerability by submitting specially crafted strings that are evaluated by Jinjava, allowing them to execute arbitrary commands on the server. This could lead to exfiltration of sensitive information and full compromise of affected ECE deployments. The vulnerability specifically impacts ECE versions 2.5.0 up to and including 3.8.1, and versions 4.0.0 up to and including 4.0.1. Exploitation requires access to the ECE admin console and interaction with deployments configured with the Logging+Metrics feature enabled. By leveraging this flaw, a malicious actor can inject code through deployment plans and retrieve the results via ingested logs, effectively achieving server-side code execution. Elastic has responded by releasing patched versions 3.8.2 and 4.0.2, which address the issue by hardening the Jinjava variable evaluation process. The vulnerability was publicly disclosed in mid-October 2025, and security advisories urge all affected organizations to update their ECE installations immediately. The flaw is considered remotely exploitable, but only by users with administrative privileges, which somewhat limits the attack surface but does not diminish the potential impact. No evidence of exploitation in the wild has been reported at the time of disclosure, but the critical nature of the vulnerability has prompted urgent action from Elastic and the security community. The vulnerability was reported by a member of the Elastic security team, and details were published in both vendor advisories and CVE databases. 
Organizations using Elastic Cloud Enterprise are advised to review their access controls and ensure that only trusted personnel have administrative access. The incident highlights the risks associated with template injection vulnerabilities in cloud management platforms. Security teams are encouraged to monitor for any suspicious activity in ECE admin consoles and to apply the recommended patches without delay. The disclosure has also prompted discussions about the importance of input sanitization in template engines used in enterprise software. Elastic’s swift response and detailed advisories have been commended by the cybersecurity community. The vulnerability underscores the need for regular security reviews and prompt patch management in cloud environments.
1 month ago
Critical Template Injection in GitLab AI Gateway Duo Workflow Service (CVE-2026-1868)
GitLab remediated **CVE-2026-1868**, a critical flaw in the *Duo Workflow Service* component of **GitLab AI Gateway** caused by improper neutralization during template expansion of user-supplied data. By submitting crafted **Duo Agent Platform Flow definitions**, an attacker could trigger **denial of service** or potentially achieve **remote code execution (RCE)** on the AI Gateway, turning the AI workflow feature into an execution path on the underlying gateway service. The issue impacts self-hosted GitLab AI Gateway deployments across multiple version tracks, including versions starting at **18.1.6**, **18.2.6**, and **18.3.1** up to vulnerable releases such as **18.6.1**, **18.7.0**, and **18.8.0**. GitLab released fixes in **18.6.2**, **18.7.1**, and **18.8.1**; exploitation requires **authenticated access** to the GitLab instance (e.g., a compromised developer account or malicious insider), and GitLab reported the issue was discovered internally (by a GitLab team member, per reporting).
1 month ago