Elastic Kibana Excessive Resource Allocation Vulnerability in Fleet Component

Vulnerability

A vulnerability exists in the Kibana Fleet component in versions 7.10.0 prior to 7.17.29, 8.0.0 prior to 8.19.9, 9.0.0 prior to 9.1.9, and 9.2.0 prior to 9.2.4. It is classified as 'Allocation of Resources Without Limits or Throttling' (CWE-770) and is exploited through 'Excessive Allocation' (CAPEC-130). An authenticated attacker with low privileges (a role equivalent to viewer) sends a specially crafted bulk retrieval request. The Fleet code path services the request with redundant database retrievals, and because nothing bounds the size of the batch or the work it triggers, memory is consumed quickly enough that the Kibana server process crashes and becomes unavailable to all users.
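
The following is an added illustration of the CWE-770 pattern the paragraph describes, not Kibana's Fleet code and not the actual vulnerable handler. It assumes a bulk endpoint that takes an array of object ids, a `fetchOne()` stand-in for the saved-object store, and a batch limit of 100; all three are choices made for the example. The unbounded form performs one retrieval per requested id, repeats included, so a viewer-level caller decides how much the server allocates; the bounded form rejects oversized batches before doing any work and collapses duplicate ids so each object is retrieved at most once.

```typescript
// Added illustration of the CWE-770 pattern described in this advisory. This is not
// Kibana's Fleet code: the request shape (an array of object ids in one bulk call),
// the fetchOne() stand-in and the limits are assumptions made for the example.

interface SavedObject {
  id: string;
  payload: string;
}
type Fetcher = (id: string) => SavedObject;

interface BulkResult {
  results: SavedObject[];
  fetches: number;   // how many store round-trips the request caused
  bytesHeld: number; // payload bytes resident until the response is serialised
}

// Stand-in for the saved-object store. Each call allocates a fresh object with a
// 1 KiB payload so the cost of redundant retrievals is visible in bytesHeld.
function makeStore(): Fetcher {
  return (id: string): SavedObject => ({ id, payload: "x".repeat(1024) });
}

function summarise(results: SavedObject[]): BulkResult {
  const bytesHeld = results.reduce((n, o) => n + o.payload.length, 0);
  return { results, fetches: results.length, bytesHeld };
}

// Vulnerable shape: one retrieval per requested id, repeats included, with no
// bound on batch size. Memory grows with what the caller asks for, not with what
// exists, so a low-privilege caller controls the server's allocation.
function bulkGetUnbounded(ids: string[], fetchOne: Fetcher): BulkResult {
  const results: SavedObject[] = [];
  for (const id of ids) {
    results.push(fetchOne(id));
  }
  return summarise(results);
}

class BulkRequestError extends Error {
  readonly statusCode: number;
  constructor(statusCode: number, message: string) {
    super(message);
    this.name = "BulkRequestError";
    this.statusCode = statusCode;
  }
}

// Hardened shape: reject oversized batches before doing any work, then collapse
// duplicate ids so each object is retrieved at most once. The cap (maxIds) and
// the 400 status are choices for this example, not values from the advisory.
function bulkGetBounded(ids: string[], fetchOne: Fetcher, maxIds = 100): BulkResult {
  if (ids.length > maxIds) {
    throw new BulkRequestError(400, `bulk request carries ${ids.length} ids; limit is ${maxIds}`);
  }
  const unique = Array.from(new Set(ids));
  return summarise(unique.map((id) => fetchOne(id)));
}

// Constructed request: the same id repeated 500 times, the kind of input a
// viewer-level caller could send if nothing collapses or caps the batch.
function demo(): { unbounded: BulkResult; bounded: BulkResult; rejected: boolean } {
  const fetchOne = makeStore();
  const ids: string[] = new Array<string>(500).fill("policy-0001");
  const unbounded = bulkGetUnbounded(ids, fetchOne);
  const bounded = bulkGetBounded(ids, fetchOne, 1000); // generous cap: dedupe alone collapses the work
  let rejected = false;
  try {
    bulkGetBounded(ids, fetchOne); // default cap of 100 refuses the request outright
  } catch (e) {
    rejected = e instanceof BulkRequestError && e.statusCode === 400;
  }
  return { unbounded, bounded, rejected };
}

const d = demo();
console.log(`unbounded: ${d.unbounded.fetches} fetches, ${d.unbounded.bytesHeld} bytes held`);
console.log(`bounded:   ${d.bounded.fetches} fetch, ${d.bounded.bytesHeld} bytes held; oversize rejected=${d.rejected}`);
```

Checking the raw id count before deduplicating keeps the rejection cheap: the server refuses the request before it parses or touches anything beyond the array length, which is the order of operations a practitioner wants when the attacker controls the batch.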

Impact

Successful exploitation causes a denial of service: the Kibana server crashes and is unavailable to all users until it is restarted, and an attacker can repeat the request to keep it down.

Remediation

Upgrade to Kibana version 8.19.10, 9.1.10, or 9.2.4. No workaround is available for deployments that cannot upgrade.

Added: Jan 13, 2026, 9:47 PM
Updated: Jan 13, 2026, 9:47 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.