CVE-2026-33463

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.

672

Operation on a Resource after Expiration or Release

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Other Availability

Potential Impacts:

Modify Application Data Read Application Data Other Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Mobile

View CWE Details

https://discuss.elastic.co/t/8-19-16-9-3-5-security-update-…

https://discuss.elastic.co/t/8-19-16-9-3-5-security-update-esa-2026-33/386551

CVE-2026-33463

Description

Operation on a Resource after Expiration or Release

Common Consequences

Applicable Platforms

Iscriviti alla newsletter