What is GHSA-7r23-c4px-q9xc?

GHSA-7r23-c4px-q9xc is a security advisory published by GitHub Security Advisories with Medium severity. Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored...

Which CVE IDs does GHSA-7r23-c4px-q9xc cover?

GHSA-7r23-c4px-q9xc covers the following CVE IDs: CVE-2026-42401. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7r23-c4px-q9xc?

GHSA-7r23-c4px-q9xc has a CVSS v3 base score of 4.1, published by GitHub Security Advisories.

GHSA-7r23-c4px-q9xcMediumCVSS 4.1

Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-42401 →

📋 Description

Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently sanitized. Successful exploitation could result in unauthorized UI manipulation and outbound network requests issued from the viewing user's browser session.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-42401
https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-security-update-esa-2026-34/386552
https://github.com/advisories/GHSA-7r23-c4px-q9xc