What is CVE-2026-33467?

CVE-2026-33467 is a medium-severity vulnerability in Elastic Package Registry, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.9/10. Published 2026-04-28.

How severe is CVE-2026-33467?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Elastic Package Registry

CVE-2026-33467

Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute…

EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Elastic Package Registry — versions 0.1.0
Elastic Elastic_package_registry

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

security@elastic.co (Vendor Advisory)

Frequently asked questions

What is CVE-2026-33467?: CVE-2026-33467 is a medium-severity vulnerability in Elastic Package Registry, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.9/10. Published 2026-04-28.
How severe is CVE-2026-33467?: Medium severity. CVSS v3 base score is 5.9 out of 10.