Elastic Kibana Improper Input Validation in Email Connector Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Email Connector of Elastic Kibana. It is present in all versions of the 7.x branch and in the 8.x and 9.x branches up to certain versions. The issue arises from improper input validation: an authenticated attacker with view-level privileges can send a specially crafted email address parameter. Handling that parameter causes excessive resource allocation, leading to complete service disruption for all users, which can only be resolved by manually restarting the application.

Impact

Exploitation of this vulnerability causes excessive resource allocation, leading to complete service unavailability for all users until a manual restart is performed.

Remediation

Users can upgrade to Kibana versions 8.19.10, 9.1.10, or 9.2.4 to address this vulnerability.
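
To check a fleet against the fixed releases listed above, the following added example (not Elastic's code and not part of the original advisory) classifies Kibana version strings as patched, needing upgrade, or needing manual verification. The inventory and hostnames are constructed. It assumes that 8.x and 9.x release lines older than the first fixed line are affected, and it treats lines the advisory does not name, and pre-release builds, as unverified.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(8, 19): 10, (9, 1): 10, (9, 2): 4}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")


def triage(version):
    """Classify one Kibana version string as 'patched', 'upgrade' or 'verify'."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return "verify"  # not a version string we can order
    major, minor, patch = (int(g) for g in match.groups()[:3])
    if match.group(4):
        return "verify"  # suffix such as -SNAPSHOT: cannot be ordered against a fix
    if (major, minor) in FIXED:
        return "patched" if patch >= FIXED[(major, minor)] else "upgrade"
    if major == 7:
        return "upgrade"  # advisory: every 7.x release is affected
    fixed_minors = [mi for (ma, mi) in FIXED if ma == major]
    if fixed_minors and minor < min(fixed_minors):
        return "upgrade"  # assumption: lines older than the first fixed line are affected
    return "verify"  # line not named in the advisory; confirm with the vendor


def needs_action(inventory):
    """Return (host, version, status) for every host that is not confirmed patched."""
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(r for r in rows if r[2] != "patched")


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "kibana-a.example.internal": "7.17.28",
    "kibana-b.example.internal": "8.19.10",
    "kibana-c.example.internal": "9.1.9",
    "kibana-d.example.internal": "9.2.4",
    "kibana-e.example.internal": "9.3.0-SNAPSHOT",
}

if __name__ == "__main__":
    for host, ver, status in needs_action(SAMPLE_INVENTORY):
        print(f"{status:8} {host} {ver}")
```

Because exploitation requires only view-level privileges, hosts reported as `upgrade` that are shared by many users are the ones to schedule first.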

Added: Jan 13, 2026, 9:46 PM
Updated: Jan 13, 2026, 9:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.