URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-06-25
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
CVSS Score
9.1
EPSS Score
0.025
Published
2025-05-06
Page 3