CVE-2026-0532 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0532 PUBLISHED CVSS 6.900000095367432 MEDIUM

External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector

EPSS 0.04% · 13.5th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:N

EPSS Score

0.04%

13.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	elk	9.2.0, 9.0.0, 0
Bitnami	elk	0, 9.0.0, 9.2.0
Bitnami	kibana	9.2.0, 9.0.0, 0

Timeline

Dec 5, 2025 PoC Published
Dec 5, 2025 PoC Published
Dec 6, 2025 PoC Published
Dec 8, 2025 PoC Published
Jan 14, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 21, 2026 PoC Published
Jan 24, 2026 EPSS Score

References

Open in Interactive Console →