Vulnerability Details CVE-2026-33458
Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.4%
CVSS Severity
CVSS v3 Score 6.3