Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago9 views

Kibana 8.x < 8.19.17 / 9.x < 9.3.6 / 9.4.x < 9.4.3 DoS (ESA-2026-45)

The version of Kibana installed on the remote host is 8.x prior to 8.19.17, 9.x prior to 9.3.6, or 9.4.x prior to 9.4.3. It is, therefore, affected by a denial of service vulnerability: - Improper Input Validation CWE-20 in Kibana can lead to a denial of service. An authenticated user can submit ...

6.5CVSS6.2AI score0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.12 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:29 p.m.8 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 4:29 p.m.12 views

CVE-2026-56151

This CVE affects Kibana with Fleet: Improper Input Validation (CWE-20) enabling Denial of Service via crafted Fleet policy input. Affected versions include 8.x (8.0.0–8.19.16), 9.x (9.0.0–9.3.5 and 9.4.0–9.4.2). The root cause is input validation failure for Fleet policy inputs, allowing an authe...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 4:29 p.m.9 views

EUVD-2026-41085

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 4:29 p.m.38 views

CVE-2026-56151 Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54866

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Fleet policy management functionality allows an authenticated user to submit specially crafted input. This can lead to a denial of service, rendering the Fleet...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.119 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.2 Multiple Vulnerabilities (ESA-2026-35 / ESA-2026-38)

The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-35 and ESA-2026-38 advisories. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via...

6.5CVSS5.6AI score0.00296EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/28 10:44 p.m.9 views

Improper Validation of Specified Type of Input

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the Fleet agent policy management. An attacker can gain unauthorized read and...

8.5CVSS5.3AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 7:48 p.m.19 views

EUVD-2026-33033

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-33460

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.9AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder