Elastic

Kibana

120 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.18%
  • Veröffentlicht 19.03.2026 17:11:16
  • Zuletzt bearbeitet 23.03.2026 13:36:57

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not P...

  • EPSS 0.25%
  • Veröffentlicht 26.02.2026 17:56:48
  • Zuletzt bearbeitet 02.03.2026 15:40:36

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via...

  • EPSS 0.27%
  • Veröffentlicht 26.02.2026 17:51:35
  • Zuletzt bearbeitet 02.03.2026 15:43:52

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

  • EPSS 0.33%
  • Veröffentlicht 26.02.2026 17:07:40
  • Zuletzt bearbeitet 02.03.2026 16:01:07

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup (CAPEC-492).

  • EPSS 0.28%
  • Veröffentlicht 26.02.2026 17:05:16
  • Zuletzt bearbeitet 02.03.2026 15:58:14

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

  • EPSS 0.28%
  • Veröffentlicht 26.02.2026 17:03:17
  • Zuletzt bearbeitet 02.03.2026 15:59:55

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malf...

  • EPSS 0.42%
  • Veröffentlicht 14.01.2026 10:14:57
  • Zuletzt bearbeitet 30.06.2026 03:17:02

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configurat...

  • EPSS 0.37%
  • Veröffentlicht 13.01.2026 21:15:51
  • Zuletzt bearbeitet 22.01.2026 20:04:20

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-le...

  • EPSS 0.42%
  • Veröffentlicht 13.01.2026 21:15:50
  • Zuletzt bearbeitet 22.01.2026 19:59:54

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewe...

  • EPSS 0.27%
  • Veröffentlicht 13.01.2026 21:03:13
  • Zuletzt bearbeitet 22.01.2026 19:58:42

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously cons...