CVEDB API

Vulnerabilities

Vulnerable Software

Elastic: >> Kibana >> 8.19.11 Security Vulnerabilities

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.

CVSS Score

6.5

EPSS Score

0.0

Published

2026-03-19

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

CVSS Score

6.5

EPSS Score

0.001

Published

2026-03-19

CVE-2026-26934

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.

CVSS Score

6.5

EPSS Score

0.001

Published

2026-02-26

CVE-2026-26935

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

CVSS Score

6.5

EPSS Score

0.001

Published

2026-02-26

Page 1

Vulnerabilities

Vulnerable Software

Elastic: >> Kibana >> 8.19.11 Security Vulnerabilities

Products

Pricing

Contact Us