CVE-2026-56152
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
CVE-2026-56152 in Elastic Defend is caused by incorrect authorization (CWE-863). It allows a low-privileged authenticated user to access response action data they are not authorized to view, leading to unauthorized information disclosure.
Risk Assessment
The risk involves potential leakage of sensitive response action data, which could compromise information confidentiality and be exploited for further attacks within the organization.
Recommendation
It is recommended to immediately update Elastic Defend to the latest patched version and review access control (ACL) configurations to restrict access to sensitive functionalities.
Original NVD description (English source)
Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to view.

