CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

🗓️ 19 Mar 2026 17:14:31Reported by elasticType

CVE-2026-26940 allows denial of service in Kibana Timelion by improper validation of input quantity.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-26940	19 Mar 202617:14	–	attackerkb
Circl	CVE-2026-26940	20 Mar 202613:10	–	circl
CNNVD	Elastic Kibana 安全漏洞	19 Mar 202600:00	–	cnnvd
CVE	CVE-2026-26940	19 Mar 202617:14	–	cve
Elastic	Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)	19 Mar 202616:59	–	elastic
EUVD	EUVD-2026-13145	19 Mar 202618:31	–	euvd
Tenable Nessus	Kibana 8.x < 8.19.13 / 9.x < 9.2.7 / 9.3.x < 9.3.2 DoS (ESA-2026-20)	25 Mar 202600:00	–	nessus
NVD	CVE-2026-26940	19 Mar 202618:16	–	nvd
OSV	MINI-546P-38P6-8HJQ	24 Mar 202614:30	–	osv
OSV	MINI-5QRQ-9577-QCQF	24 Mar 202614:30	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Kibana",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThanOrEqual": "9.3.1",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.6",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.19.12",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
discuss	www.discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535

19 Mar 2026 17:14Current

CVSS 3.16.5

EPSS0.00075

CWE-1284