CVE-2026-33463: CWE-672 Operation on a Resource after Expiration or Release in Elastic Kibana
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
AI Analysis
Technical Summary
This vulnerability in Elastic Kibana arises from improper validation of expiration timestamps for time-bounded access tokens. Due to a logic error, tokens remain usable beyond their expiration, allowing unauthorized information disclosure by unauthenticated actors who have the expired token. The issue affects Kibana versions 8.0.0 and 9.0.0. The CVSS 3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact. No patch or official remediation level has been provided by Elastic as of the publication date.
Potential Impact
An unauthenticated attacker in possession of an expired time-bounded access token can retrieve information that should no longer be accessible, resulting in unauthorized information disclosure. There is no impact on integrity or availability reported. The vulnerability does not require privileges or user interaction to exploit.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider restricting token distribution and monitoring for unauthorized use of expired tokens. No vendor advisory or official remediation instructions have been provided at this time.
CVE-2026-33463: CWE-672 Operation on a Resource after Expiration or Release in Elastic Kibana
Description
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.
CVSS v3.1
Score 5.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Elastic Kibana arises from improper validation of expiration timestamps for time-bounded access tokens. Due to a logic error, tokens remain usable beyond their expiration, allowing unauthorized information disclosure by unauthenticated actors who have the expired token. The issue affects Kibana versions 8.0.0 and 9.0.0. The CVSS 3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact. No patch or official remediation level has been provided by Elastic as of the publication date.
Potential Impact
An unauthenticated attacker in possession of an expired time-bounded access token can retrieve information that should no longer be accessible, resulting in unauthorized information disclosure. There is no impact on integrity or availability reported. The vulnerability does not require privileges or user interaction to exploit.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider restricting token distribution and monitoring for unauthorized use of expired tokens. No vendor advisory or official remediation instructions have been provided at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- elastic
- Date Reserved
- 2026-03-20T10:53:23.100Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a189d28e29bf47b50227a17
Added to database: 5/28/2026, 7:53:12 PM
Last enriched: 5/28/2026, 7:53:37 PM
Last updated: 5/29/2026, 7:36:10 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.