- EPSS 0.2%
- Veröffentlicht 01.07.2026 17:21:28
- Zuletzt bearbeitet 02.07.2026 18:15:39
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the ...
CVE-2026-49088
- EPSS 0.21%
- Veröffentlicht 01.07.2026 16:59:24
- Zuletzt bearbeitet 02.07.2026 17:52:31
Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in appli...
CVE-2026-49087
- EPSS 0.25%
- Veröffentlicht 01.07.2026 16:35:19
- Zuletzt bearbeitet 02.07.2026 17:53:01
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource c...
CVE-2026-56151
- EPSS 0.25%
- Veröffentlicht 01.07.2026 16:29:25
- Zuletzt bearbeitet 02.07.2026 16:09:39
Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agen...
CVE-2026-49093
- EPSS 0.2%
- Veröffentlicht 28.05.2026 19:51:32
- Zuletzt bearbeitet 01.06.2026 14:13:11
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egres...
CVE-2026-49094
- EPSS 0.27%
- Veröffentlicht 28.05.2026 19:49:53
- Zuletzt bearbeitet 01.06.2026 13:31:57
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collecti...
CVE-2026-49095
- EPSS 0.26%
- Veröffentlicht 28.05.2026 19:48:31
- Zuletzt bearbeitet 01.06.2026 13:30:50
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a confi...
CVE-2026-42398
- EPSS 0.3%
- Veröffentlicht 28.05.2026 19:47:53
- Zuletzt bearbeitet 01.06.2026 14:17:50
Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Ki...
CVE-2026-42399
- EPSS 0.3%
- Veröffentlicht 28.05.2026 19:44:05
- Zuletzt bearbeitet 01.06.2026 14:14:05
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a spec...
CVE-2026-42400
- EPSS 0.3%
- Veröffentlicht 28.05.2026 19:42:11
- Zuletzt bearbeitet 01.06.2026 14:13:36
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, c...