MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-0532

🔴 HIGH

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON...

Published
Jan 14, 2026
Last Modified
Jan 14, 2026
Views
8
Bookmarks
0

Description

Request Expert Review

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.

CVSS Scores

CVSS 3.1 8.6
8.6
HIGH
CVSS 2.0 8.6

References

discuss.elastic.co

Additional Information

Source
security@elastic.co
State
Awaiting analysis

Related CVEs

CVE-2026-2215

LOW

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the compo...

Score: 3.7

CVE-2026-2214

LOW

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This ma...

Score: 2.4

CVE-2026-2213

MEDIUM

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administ...

Score: 4.7

CVE-2026-1615

CRITICAL

All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The libr...

Score: 9.8

CVE-2026-2212

HIGH

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Adminis...

Score: 7.3

CVE-2026-2211

HIGH

A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCateg...

Score: 7.3

Share CVE-2026-0532

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-0532 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis