What is CVE-2026-4818?

CVE-2026-4818 is a medium-severity vulnerability in Floragunn Search Guard Flx, classified under Improper Authorization. CVSS score: 6.8/10. Published 2026-03-31.

How severe is CVE-2026-4818?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Auth bypass in Floragunn Search Guard Flx

CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams.

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Floragunn Search Guard Flx — versions 3.0.0

Weakness classification (CWE)

CWE-285 — Improper Authorization
CWE-862 — Missing Authorization

References

search-guard.com/cve-advisory/
docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0

Frequently asked questions

What is CVE-2026-4818?: CVE-2026-4818 is a medium-severity vulnerability in Floragunn Search Guard Flx, classified under Improper Authorization. CVSS score: 6.8/10. Published 2026-03-31.
How severe is CVE-2026-4818?: Medium severity. CVSS v3 base score is 6.8 out of 10.