Primary

Context

Elastic Kibana Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A resource exhaustion vulnerability has been identified in Elastic Kibana, specifically in versions 7.x, 8.x prior to 8.19.9, and 9.x prior to 9.2.3. This vulnerability allows a low-privileged authenticated user to send a crafted HTTP request that causes excessive allocation of computing resources, leading to a denial-of-service condition where the Kibana process becomes unresponsive.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the Kibana process is overwhelmed and becomes unresponsive.

Remediation

Users can upgrade to Kibana versions 8.19.9, 9.1.9, or 9.2.3 to address this vulnerability.

Added: Dec 18, 2025, 11:20 PM

Updated: Dec 18, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elastic Kibana Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Elastic Kibana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating