CVE-2026-33459
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Kibana | 9.3.0 <= 9.3.2 | affected |
| Elastic | Kibana | 8.15.0 <= 8.19.13 | affected |
| Elastic | Kibana | 9.0.0 <= 9.2.7 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.