Floragunn Search Guard Flx
7 CVEs affecting Floragunn Search Guard Flx. Latest disclosed: 2026-03-31. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4818 | Medium | 6.8 | 2026-03-31 | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management opera… |
CVE-2026-4819 | Medium | 4.9 | 2026-03-31 | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. |
CVE-2026-4799 | Medium | 4.3 | 2026-03-31 | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL. |
CVE-2025-13653 | Medium | 4.3 | 2025-12-01 | In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use speci… |
CVE-2025-12149 | | 2025-11-14 | In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signal… | |
CVE-2025-12148 | | 2025-10-29 | In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fie… | |
CVE-2025-12147 | | 2025-10-29 | In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule… |