6.5

CVE-2026-56151

Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElasticKibana Version >= 8.0.0 < 8.19.17
ElasticKibana Version >= 9.0.0 < 9.3.6
ElasticKibana Version >= 9.4.0 < 9.4.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.163
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@elastic.co 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
Vendor Advisory