BIT-KIBANA-2026-42399 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...
BIT-ELK-2026-42399 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...
CVE-2026-42399
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...
CVE-2026-42399
CVE-2026-42399 describes an Uncontrolled Resource Consumption (CWE-400) vulnerability in Kibana where an authenticated, low-privilege user can trigger a denial of service by submitting a specially crafted Timelion visualization expression with deeply chained function calls. This causes an exponen...
CVE-2026-42399 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...
EUVD-2026-33031
Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...
Kibana 8.19.16, and 9.3.5 Security Update (ESA-2026-36)
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service. Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memor...
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability may cause memory exhaustion and service crashes for users with low privileges who...
PT-2026-44510
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated low-privileged user can cause a denial of service by submitting a specially crafted Timelion visualization expression containing deeply chained function calls. This leads to...
RHCOS 4 : OpenShift Container Platform 4.1.18 (RHSA-2019:2860)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2860 advisory. - kibana: Cross-site scripting vulnerability permits perform destructive actions on behalf of other Kibana users CVE-2019-7608 -...
Kibana 8.x < 8.19.13 / 9.x < 9.2.7 / 9.3.x < 9.3.2 DoS (ESA-2026-20)
The version of Kibana installed on the remote host is prior to 8.19.13, 9.2.7, or 9.3.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-20 advisory. - Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead...
CVE-2026-26940
A flaw was found in the Timelion visualization plugin in Kibana. An authenticated user can exploit this by sending a specially crafted Timelion expression. This expression overwrites internal series data properties with an excessively large quantity value. This improper validation of input quanti...
EUVD-2026-13145
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
CVE-2026-26940
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
Improper Validation of Specified Quantity in Input
Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the Timelion visualization plugin when processing specially crafted Timelio...
CVE-2026-26940
The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...