Kibana is a free and open frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Commonly known as the charting tool for the Elastic Stack, Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster—as well as the centralized hub for built-in solutions developed on the Elastic Stack.

Kibana

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.

CVE-2026-33458

Minimus

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-33458	HIGH	7.7	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Apr 08, 2026
CVE-2026-4498	HIGH	7.7	Kibana	kibana-9.2	No	Yes	Apr 08, 2026
CVE-2026-33461	HIGH	7.7	Kibana	kibana-8.19	No	Yes	Apr 08, 2026
CVE-2026-33459	MEDIUM	6.5	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Apr 08, 2026
CVE-2026-33460	MEDIUM	4.3	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Apr 08, 2026

CVE-2026-33458:
Kibana vulnerability analysis and mitigation

7.7

Related Kibana vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-33458: Kibana vulnerability analysis and mitigation