CVE-2016-10365

medium

Published 2017-06-16 · Modified 2026-05-13

CVSS v3

6.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

5.8

VIR risk

6.1

Description

Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.

Predictions

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@elastic.co — https://www.elastic.co/community/security

Application impact

Vendor	Product	Versions	Fixed
elastic	kibana	`{"endIncluding":"4.6.2"}`

References

https://www.elastic.co/community/security
https://www.elastic.co/community/security

CWEs

CWE-601

Verify integrity in audit chain (admin only). AS-IS.