All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56152
MEDIUMpublished 2026-07-01 17:16 UTC · 3 days ago · modified 2026-07-01 19:58 UTC
5.3
CVSS / 10
// description
Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to view.
// weaknesses (CWE)
- CWE-863