Kibana 7.17.15, 8.11.1 Security Update (ESA-2026-53)

Improper Output Neutralization for Logs in Kibana Leading to Log Injection

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal that interprets control sequences, the injected content may alter the displayed log data.

Affected Versions:

  • 7.x: All versions up to and including 7.17.14
  • 8.x: All versions from 8.0.0 up to and including 8.11.0

Affected Configurations:

  • All configurations are affected.

Solutions and Mitigations:

The issue is resolved in versions 7.17.15 and 8.11.1.

For Users that Cannot Upgrade:

  • Self-Managed: View Kibana log files only in tools that do not interpret terminal control sequences.

  • Cloud: The same guidance applies to Elastic Cloud Hosted deployments.

Indicators of Compromise (IOC)

Inspect log files for unexpected terminal control or escape sequences.
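One way to perform that inspection, as an added example that is not Elastic's code: a Python scanner that reads Kibana-style log lines, flags ANSI CSI/OSC escape sequences and stray C0 control characters (the mechanism this advisory describes), and renders a neutralized copy that is safe to print in a terminal. The log lines below are constructed for illustration.

```python
import re
import sys

# Constructed sample lines in Kibana's default log layout (not from a real deployment).
# Line 2 carries an erase-line + carriage-return sequence that could overwrite the entry
# on screen; line 3 carries an OSC 8 hyperlink sequence.
SAMPLE_LOG = [
    '[2026-01-10T12:00:00.000+00:00][INFO ][plugins.security] user "alice" logged in',
    '[2026-01-10T12:00:01.000+00:00][INFO ][plugins.security] user "bob\x1b[2K\r[INFO ] forged entry" logged in',
    '[2026-01-10T12:00:02.000+00:00][WARN ][http] request from \x1b]8;;http://example.invalid\x07link\x1b]8;;\x07',
]

ESC_SEQ = re.compile(
    r'\x1b\[[0-?]*[ -/]*[@-~]'              # CSI: ESC [ params intermediates final byte
    r'|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)'   # OSC: ESC ] ... terminated by BEL or ST
    r'|\x1b[@-_]'                           # any other two-byte Fe escape
)
# C0 controls and DEL, excluding TAB and LF which are legitimate in log text.
C0_CTRL = re.compile(r'[\x00-\x08\x0b-\x1f\x7f]')


def find_control_sequences(line):
    """Return (offset, sequence) pairs for every escape sequence or stray control char."""
    spans = [(m.start(), m.end(), m.group()) for m in ESC_SEQ.finditer(line)]
    hits = [(start, text) for start, _, text in spans]
    for m in C0_CTRL.finditer(line):
        # Skip control bytes already accounted for inside a recognised escape sequence.
        if not any(s <= m.start() < e for s, e, _ in spans):
            hits.append((m.start(), m.group()))
    return sorted(hits)


def neutralize(line):
    """Replace every non-printable character with a visible \\xHH escape."""
    return ''.join(ch if ch.isprintable() or ch in '\t\n' else f'\\x{ord(ch):02x}' for ch in line)


def scan_log(lines):
    """Return one finding per line that contains control or escape sequences."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip('\n')
        hits = find_control_sequences(line)
        if hits:
            findings.append({'line': number, 'sequences': [h[1] for h in hits], 'safe': neutralize(line)})
    return findings


if __name__ == '__main__':
    # Pass a Kibana log file path to scan it; with no argument the constructed sample is used.
    source = open(sys.argv[1], encoding='utf-8', errors='replace') if len(sys.argv) > 1 else SAMPLE_LOG
    for f in scan_log(source):
        print(f"line {f['line']}: {len(f['sequences'])} suspicious sequence(s): {f['safe']}")
```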

Elastic Cloud Serverless

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

Severity: CVSSv3.1: High (8.0) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE ID: CVE-2026-49091
Problem Type: CWE-117 - Improper Output Neutralization for Logs
Impact: CAPEC-93 - Log Injection-Tampering-Forging