CVE-2026-26940
- EPSS 0.04%
- Published 19.03.2026 17:14:31
- Last modified 23.03.2026 13:35:49
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted T...
CVE-2026-26939
- EPSS 0.03%
- Published 19.03.2026 17:11:16
- Last modified 23.03.2026 13:36:57
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not P...
CVE-2026-26938
- EPSS 0.05%
- Published 26.02.2026 17:56:48
- Last modified 02.03.2026 15:40:36
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via...
CVE-2026-26937
- EPSS 0.05%
- Published 26.02.2026 17:51:35
- Last modified 02.03.2026 15:43:52
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153).
CVE-2026-26936
- EPSS 0.05%
- Published 26.02.2026 17:07:40
- Last modified 02.03.2026 16:01:07
Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492).
CVE-2026-26935
- EPSS 0.07%
- Published 26.02.2026 17:05:16
- Last modified 02.03.2026 15:58:14
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153).
CVE-2026-26934
- EPSS 0.05%
- Published 26.02.2026 17:03:17
- Last modified 02.03.2026 15:59:55
Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malf...
CVE-2026-0532
- EPSS 0.04%
- Published 14.01.2026 10:14:57
- Last modified 14.01.2026 16:25:12
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configurat...
CVE-2026-0543
- EPSS 0.1%
- Published 13.01.2026 21:15:51
- Last modified 22.01.2026 20:04:20
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-le...
CVE-2026-0531
- EPSS 0.06%
- Published 13.01.2026 21:15:50
- Last modified 22.01.2026 19:59:54
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewe...