Elastic Kibana Denial-of-Service Vulnerability Due to Improper Input Validation

Vulnerability

A denial-of-service vulnerability has been identified in Elastic Kibana versions 8.18.0 up to but not including 8.19.12, versions 9.0.0 up to but not including 9.2.6, and version 9.3.0. The vulnerability stems from improper validation of input quantities, which allows an authenticated attacker holding only view-only privileges to submit input that Kibana does not bound. Exploitation leads to excessive resource consumption, causing Kibana to become unresponsive or crash.

Impact

Exploitation of this vulnerability causes Kibana to become unresponsive or crash, disrupting service and availability.

Remediation

Upgrade to Kibana version 8.19.12, 9.2.6, or 9.3.1 (according to the branch in use) to address this vulnerability. Where upgrading is not immediately possible, monitor Kibana server resource usage, restrict Kibana access to trusted users, and consider enforcing application-layer request size limits if the deployment allows it.
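As an added example (not part of the advisory and not Elastic's own code), the following Python check applies the affected and fixed version ranges stated above to an inventory of Kibana instances, so a team can triage which deployments still need the upgrade. The hostnames and versions in the sample inventory are constructed for illustration.

```python
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges taken from the advisory, expressed as [low, high) per
# branch. The upper bound of each range is the release that fixes it
# (8.19.12, 9.2.6 and 9.3.1), so 9.3.0 is the only affected 9.3.x release.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((8, 18, 0), (8, 19, 12)),
    ((9, 0, 0), (9, 2, 6)),
    ((9, 3, 0), (9, 3, 1)),
)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple.

    A build suffix such as '-SNAPSHOT' is dropped, so a pre-release is
    compared by its numeric core; adjust this if your inventory needs
    stricter handling of pre-release builds.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Kibana version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return ".".join(str(n) for n in high)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, current_version, fixed_version) for every affected host."""
    findings = []
    for host, version in inventory:
        fixed = fixed_version_for(version)
        if fixed is not None:
            findings.append((host, version, fixed))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("kb-prod-1", "8.19.3"), ("kb-prod-2", "9.2.6"), ("kb-lab", "9.3.0")]
    for host, current, fixed in triage(sample):
        print(f"{host}: {current} is affected, upgrade to {fixed}")
```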

Added: Feb 26, 2026, 6:35 PM
Updated: Feb 26, 2026, 6:35 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.