Elastic

Kibana

106 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.05%
  • Published 08.04.2026 16:47:58
  • Last modified 13.04.2026 11:30:33

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potential...

  • EPSS 0.05%
  • Published 08.04.2026 16:46:02
  • Last modified 13.04.2026 18:21:25

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large i...

  • EPSS 0.03%
  • Published 08.04.2026 16:43:30
  • Last modified 21.04.2026 17:51:24

Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces t...

  • EPSS 0.05%
  • Published 08.04.2026 16:41:27
  • Last modified 22.04.2026 16:44:08

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys...

  • EPSS 0.06%
  • Published 08.04.2026 16:38:59
  • Last modified 13.04.2026 18:22:55

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fl...

  • EPSS 0.06%
  • Published 19.03.2026 17:14:31
  • Last modified 23.03.2026 13:35:49

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted T...

  • EPSS 0.04%
  • Published 19.03.2026 17:11:16
  • Last modified 23.03.2026 13:36:57

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not P...

  • EPSS 0.06%
  • Published 26.02.2026 17:56:48
  • Last modified 02.03.2026 15:40:36

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via...

  • EPSS 0.07%
  • Published 26.02.2026 17:51:35
  • Last modified 02.03.2026 15:43:52

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153).

  • EPSS 0.08%
  • Published 26.02.2026 17:07:40
  • Last modified 02.03.2026 16:01:07

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492).