Kibana 8.x < 8.19.13 / 9.x < 9.2.7 / 9.3.x < 9.3.2 DoS (ESA-2026-20)

The version of Kibana installed on the remote host is prior to 8.19.13, 9.2.7, or 9.3.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-20 advisory. - Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead...

CVE-2026-26940

A flaw was found in the Timelion visualization plugin in Kibana. An authenticated user can exploit this by sending a specially crafted Timelion expression. This expression overwrites internal series data properties with an excessively large quantity value. This improper validation of input quanti...

EUVD-2026-13145

Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

CVE-2026-26940

Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

PT-2026-26325

Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...

Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-15)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153 Affected Versions: 8.x: All versions from 8.0.0 up to and including 8.19.10 9.x:...