CVE-2018-3824: X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker i
Summary
X-Pack Machine Learning (a tool for automated data analysis in Elasticsearch) versions before 6.2.4 and 5.6.9 contained a cross-site scripting vulnerability (XSS, a flaw where attackers inject malicious code into web pages). An attacker could inject harmful data into a database index being analyzed by the machine learning tool, and when another user views the results, the attacker could steal sensitive information or perform actions as that user.
Solution / Mitigation
Update X-Pack Machine Learning to version 6.2.4 or 5.6.9 or later.
Vulnerability Details
4.3
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-3824
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 75%