{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:42:04.267","vulnerabilities":[{"cve":{"id":"CVE-2024-52976","sourceIdentifier":"security@elastic.co","published":"2025-05-01T14:15:35.527","lastModified":"2025-10-01T19:28:58.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.\n\nAn attacker requires local access and the ability to modify osqueryd configurations."},{"lang":"es","value":"La inclusión de funcionalidad de una esfera de control no confiable en el subproceso de Elastic Agent, osqueryd, permite a atacantes locales ejecutar código arbitrario mediante la inyección de parámetros. Un atacante requiere acceso local y la capacidad de modificar las configuraciones de osqueryd."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*","versionEndExcluding":"7.17.25","matchCriteriaId":"DF52922C-61CF-4F69-B54F-992FD94FCD2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.15.4","matchCriteriaId":"19F05BEC-1DFF-4ADE-A82C-665B96AA79B5"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708","source":"security@elastic.co","tags":["Patch","Vendor Advisory"]}]}}]}