Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.05%
16.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| elastic | kibana | 9.0.0, 7.0.0, 8.0.0 |
| yawkat | lz4-java | < 1.10.1 |
| github.com | elastic/beats/v7 | 9.0.0, 9.2.0, 0 |
| Elastic | Metricbeat | 8.0.0, 9.0.0, 9.2.0 |
Timeline
- Dec 5, 2025 PoC Published
- Dec 5, 2025 PoC Published
- Dec 6, 2025 PoC Published
- Dec 8, 2025 PoC Published
- Jan 13, 2026 CVE Published
- Jan 13, 2026 PoC Published
- Jan 14, 2026 EPSS Score
- Jan 14, 2026 PoC Published
- Jan 14, 2026 PoC Published
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
References
- https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519 url
- https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523 advisory
- https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520 advisory
- https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522 advisory
- https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524 advisory
- https://discuss.elastic.co/t/elasticsearch-8-19-10-9-1-10-9-2-4-security-update-esa-2026-07/384525 advisory
- https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0528 advisory
- https://github.com/elastic/beats/commit/0025fbfe668936eb8fa65b838508faf3c3c04387 url
- https://github.com/elastic/beats/commit/6e42552a23cec734e7977ebd3eb7fb797ddce456 url
- https://github.com/elastic/beats/commit/c7664c91a5a68c2df782bfeffe4fb7f42ff2ad1a url
- https://github.com/elastic/beats package
- https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q url
- https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840 url