CVE-2026-42401
- EPSS 0.14%
- Veröffentlicht 28.05.2026 19:40:21
- Zuletzt bearbeitet 29.05.2026 21:17:18
Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Ki...
CVE-2026-33463
- EPSS 0.24%
- Veröffentlicht 28.05.2026 19:37:38
- Zuletzt bearbeitet 29.05.2026 21:18:16
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its int...
CVE-2026-33464
- EPSS 0.25%
- Veröffentlicht 28.05.2026 19:35:31
- Zuletzt bearbeitet 29.05.2026 21:17:42
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana AP...
CVE-2026-33462
- EPSS 0.22%
- Veröffentlicht 28.05.2026 19:33:38
- Zuletzt bearbeitet 29.05.2026 21:20:41
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to ...
CVE-2026-33458
- EPSS 0.23%
- Veröffentlicht 08.04.2026 16:47:58
- Zuletzt bearbeitet 13.04.2026 11:30:33
Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potential...
CVE-2026-33459
- EPSS 0.24%
- Veröffentlicht 08.04.2026 16:46:02
- Zuletzt bearbeitet 13.04.2026 18:21:25
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large i...
CVE-2026-33460
- EPSS 0.18%
- Veröffentlicht 08.04.2026 16:43:30
- Zuletzt bearbeitet 21.04.2026 17:51:24
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces t...
CVE-2026-33461
- EPSS 0.28%
- Veröffentlicht 08.04.2026 16:41:27
- Zuletzt bearbeitet 22.04.2026 16:44:08
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys...
CVE-2026-4498
- EPSS 0.3%
- Veröffentlicht 08.04.2026 16:38:59
- Zuletzt bearbeitet 13.04.2026 18:22:55
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fl...
CVE-2026-26940
- EPSS 0.27%
- Veröffentlicht 19.03.2026 17:14:31
- Zuletzt bearbeitet 23.03.2026 13:35:49
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted T...