CVE-2019-7609

CVE-2019-7609

Vendor Elastic
Product Kibana
Weakness CWE-94 · Code injection
KEV Status Known Exploited
Published March 25, 2019
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 25, 2019 CVE published
October 21, 2025 Record updated