CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Elastic: >> Kibana >> 8.19.12 Security Vulnerabilities

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

CVSS Score

6.5

EPSS Score

0.001

Published

2026-03-19

Page 1

Vulnerabilities

Vulnerable Software

Elastic: >> Kibana >> 8.19.12 Security Vulnerabilities

Products

Pricing

Contact Us