Primary

Context

Elastic Kibana Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Elastic Kibana versions 8.19.14, 9.2.8, and 9.3.3. This issue arises from uncontrolled resource consumption, allowing an authenticated user with access to the automatic import feature to send requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, causing service disruptions and making the deployment unavailable for all users.

Impact

Excessive resource allocation from concurrent requests can destabilize backend services, leading to service disruptions and unavailability for users.

Added: Apr 8, 2026, 7:29 PM

Updated: Apr 8, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.5

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.5

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elastic Kibana Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Elastic Kibana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating