Elastic Timelion Component Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability allowing uncontrolled resource consumption has been identified in the Timelion component of Kibana. Manipulated input data can trigger the issue and cause a denial-of-service condition. The vulnerability affects all Timelion visualizations by default.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application becomes unresponsive or unavailable.

Remediation

Users can upgrade to Kibana versions 8.19.11 or 9.2.5, where this vulnerability has been patched. For users who cannot upgrade and do not use Timelion visualizations, the plugin can be disabled by adding 'vis_type_timelion.enabled: false' to the 'kibana.yml' configuration file. However, this option is not available for Elastic Cloud Hosted customers, who should prioritize upgrading to a patched version.
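The following check is an added example, not code from Elastic or from this advisory: it classifies a Kibana instance from its version string and the text of its kibana.yml, using only the two fixed versions and the setting named above. It assumes the setting is written as the flat dotted key shown in the advisory (a nested YAML form is not parsed), and it reports any release line other than 8.19.x and 9.2.x as "unknown" because the advisory does not state which other versions are affected; the function names and sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the advisory; which other branches are affected is
# not stated there, so any other major.minor line is reported as "unknown".
FIXED = {(8, 19): (8, 19, 11), (9, 2): (9, 2, 5)}
SETTING = "vis_type_timelion.enabled"


def parse_version(text):
    """Turn '8.19.10' (a trailing suffix such as '-SNAPSHOT' is ignored) into a tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def timelion_disabled(kibana_yml):
    """True only if the flat key is present, uncommented, and always 'false'."""
    values = []
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()  # a commented-out setting has no effect
        key, sep, val = line.partition(":")
        if sep and key.strip() == SETTING:
            values.append(val.strip().strip("'\"").lower())
    return bool(values) and all(v == "false" for v in values)


def assess(version, kibana_yml):
    """Return 'patched', 'mitigated', 'exposed' or 'unknown'."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is not None and v >= fixed:
        return "patched"
    if timelion_disabled(kibana_yml):
        return "mitigated"
    return "exposed" if fixed is not None else "unknown"


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_YML = """\
server.port: 5601
# vis_type_timelion.enabled: false
"""
SAMPLE_YML_MITIGATED = SAMPLE_YML + "vis_type_timelion.enabled: false\n"

if __name__ == "__main__":
    for ver, yml in [("8.19.10", SAMPLE_YML), ("8.19.10", SAMPLE_YML_MITIGATED),
                     ("9.2.5", SAMPLE_YML), ("8.17.0", SAMPLE_YML)]:
        print(ver, assess(ver, yml))
```

An "unknown" result means the advisory gives no basis for a verdict on that release line, not that the instance is safe.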

Added: Feb 26, 2026, 7:38 PM
Updated: Feb 26, 2026, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.