CVE-2026-4818 MEDIUM

CVE-2026-4818: Some management operations on data streams are not properly restricted when user does not have the necessary privileges

Vendor Floragunn

Product Search Guard FLX

Weakness CWE-285

Published March 31, 2026

Last update March 31, 2026

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

Key dates

02Disclosure timeline

March 31, 2026 CVE published

March 31, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4818 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

CVE-2026-4818: Some management operations on data streams are not properly restricted when user does not have the necessary privileges

01Description

02Disclosure timeline

03References

04Related CVE