🟠 CVE-2026-4498 - High (7.7)

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user wi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4498/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack