kibana-9.2-advanced

Direct Vulnerabilities

Known vulnerabilities in the kibana-9.2-advanced package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Permissive Whitelist	*
L GHSA-c7w3-x93f-qmm8	*
L CVE-2026-42398	<9.2.8-r0
H Server-Side Request Forgery (SSRF)	*
L Improper Handling of Exceptional Conditions	*
L Improper Encoding or Escaping of Output	*
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Allocation of Resources Without Limits or Throttling	*
M Cross-site Scripting (XSS)	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L CVE-2026-6322	*
L Deserialization of Untrusted Data	*
L XML Injection	*
L OS Command Injection	*
L Arbitrary Code Injection	*
L Improper Validation of Specified Quantity in Input	*
L CVE-2026-6321	*
L Information Exposure Through Caching	*
L Uncontrolled Recursion	*
H Arbitrary Code Injection	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Arbitrary Code Injection	*
L Resource Exhaustion	*
L Improper Input Validation	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Handling of Unicode Encoding	*
L Resource Exhaustion	*
M Arbitrary Code Injection	*
M Improper Authentication	*
L CRLF Injection	*
C Permissive Whitelist	*
L HTTP Response Splitting	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
H Uncontrolled Recursion	*
L Allocation of Resources Without Limits or Throttling	*
L Uncontrolled Recursion	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L GHSA-v8w9-8mx6-g223	*
L Inefficient Regular Expression Complexity	*
L GHSA-442j-39wm-28r2	*
L Arbitrary Code Injection	*
L CVE-2026-4926	*
H Cross-site Scripting (XSS)	*
L GHSA-7rx3-28cr-v5wh	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Arbitrary Code Injection	*
L CVE-2026-4923	*
H Resource Exhaustion	*
L Improper Check for Unusual or Exceptional Conditions	*
L Improper Input Validation	*
L Improper Verification of Cryptographic Signature	*
L Arbitrary Code Injection	*
M Cross-site Scripting (XSS)	*
C Improper Certificate Validation	*
C CVE-2026-4800	*
M Directory Traversal	*
L Improper Input Validation	*
L GHSA-vvjj-xcjg-gr5g	*
L Directory Traversal	*
H Directory Traversal	*
M CVE-2026-2950	*
L CRLF Injection	*
M Incorrect Behavior Order: Validate Before Canonicalize	*
L GHSA-26pp-8wgv-hjvm	*
H Inefficient Regular Expression Complexity	*
L GHSA-458j-xx4x-4375	*
C Arbitrary Code Injection	*
L Information Exposure	*
L GHSA-6v7q-wjvx-w8wg	*
M HTTP Response Splitting	*
C Unintended Proxy or Intermediary ('Confused Deputy')	*
L GHSA-39q2-94rc-95cp	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Resource Exhaustion	*
L GHSA-r4q5-vmmm-2653	*
M Cross-site Scripting (XSS)	*
L XML Injection	*
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
L GHSA-w5hq-g745-h8pq	*
L CVE-2026-33460	<9.2.8-r0
M CVE-2026-33461	<9.2.8-r0
L CVE-2026-33459	<9.2.8-r0
L CVE-2026-4498	<9.2.8-r0
L Resource Exhaustion	<9.2.7-r0
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<9.2.8-r0
L Improper Validation of Specified Quantity in Input	<9.2.8-r0
L GHSA-cj63-jhhr-wcxv	<9.2.7-r0
L GHSA-h8r8-wccr-v5f2	<9.2.7-r0
L GHSA-cjmm-f4jc-qw8r	<9.2.7-r0
L CVE-2026-26931	<9.2.5-r0
L CVE-2026-26939	<9.2.6-r0
M CVE-2026-26940	<9.2.7-r0
L CVE-2025-15284	<9.2.7-r0
L CVE-2026-1526	*
M Off-by-one Error	<9.2.7-r0
M Directory Traversal	<9.2.7-r0
L CVE-2026-1528	*
M Cross-site Scripting (XSS)	<9.2.7-r0
L CVE-2026-1527	*
L Incorrect Authorization	<9.2.7-r0
M Directory Traversal	<9.2.7-r0
L CVE-2026-3449	*
L CVE-2026-2229	*
C CVE-2026-1525	*
L CVE-2026-2581	*
L Inefficient Regular Expression Complexity	<9.2.7-r0
H CVE-2026-26936	<9.2.5-r0
H CVE-2026-26935	<9.2.6-r0
C Directory Traversal	<9.2.7-r0
L Algorithmic Complexity	<9.2.7-r0
L CVE-2026-26934	<9.2.6-r0
H Buffer Overflow	<9.2.8-r0
H CVE-2026-26937	<9.2.5-r0
L GHSA-6475-r3vj-m8vf	<9.2.6-r0
M CVE-2025-68385	<9.2.3-r0
L CVE-2025-68422	<9.2.1-r0
H CVE-2026-0528	<9.2.4-r0
L CVE-2026-0530	<9.2.4-r0
L CVE-2025-68389	<9.2.3-r0
L CVE-2025-68387	<9.2.3-r0
L CVE-2025-68386	<9.2.2-r0
H Server-Side Request Forgery (SSRF)	<9.2.5-r0
L CVE-2025-37734	<9.2.1-r0
L CVE-2026-0532	<9.2.4-r0
L CVE-2026-0531	<9.2.4-r0
L Allocation of Resources Without Limits or Throttling	<9.2.4-r0
L CVE-2025-37732	<9.2.2-r0
H Directory Traversal	<9.2.6-r0
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<9.2.6-r0
L CVE-2026-2739	*
L Inefficient Regular Expression Complexity	<9.2.7-r0
H CVE-2026-2327	<9.2.7-r0
L Incorrect Regular Expression	<9.2.6-r0
H CVE-2026-2391	<9.2.7-r0
L OS Command Injection	*
H OS Command Injection	*
H Inefficient Regular Expression Complexity	<9.2.7-r0
L Improper Check for Unusual or Exceptional Conditions	<9.2.7-r0
L Server-Side Request Forgery (SSRF)	*
L Race Condition	<9.2.7-r0
L Server-Side Request Forgery (SSRF)	<9.2.5-r0
C Deserialization of Untrusted Data	<9.2.5-r0
L Arbitrary Code Injection	<9.2.5-r0
L CVE-2025-13204	<9.2.5-r0
H Inefficient Regular Expression Complexity	<9.2.5-r0
H Allocation of Resources Without Limits or Throttling	<9.2.5-r0
M Directory Traversal	<9.2.5-r0
M CVE-2025-13465	<9.2.6-r0
M Improper Handling of Unicode Encoding	<9.2.5-r0
L Directory Traversal	<9.2.6-r0
L Improper Input Validation	*

Vulnerability

Vulnerable Version

Permissive Whitelist