CVE-2026-0530
Resource Exhaustion in Kibana Fleet via Unrestricted Allocation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | From 7.10.0 (inc) to 7.17.29 (inc) |
| elastic | kibana | From 8.0.0 (inc) to 8.19.9 (inc) |
| elastic | kibana | From 9.0.0 (inc) to 9.1.9 (inc) |
| elastic | kibana | From 9.2.0 (inc) to 9.2.3 (inc) |
| elastic | kibana | 8.19.10 |
| elastic | kibana | 9.1.10 |
| elastic | kibana | 9.2.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Kibana Fleet involves improper allocation of resources without limits or throttling. An attacker can send a specially crafted request that causes the application to perform redundant processing operations, which continuously consume system resources. This excessive resource consumption can lead to service degradation or complete unavailability of the application. [1]
How can this vulnerability impact me? :
The vulnerability can cause your Kibana service to degrade in performance or become completely unavailable due to excessive consumption of system resources triggered by malicious requests. This can disrupt normal operations and affect the availability of your services. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Kibana to one of the fixed versions: 8.19.10, 9.1.10, or 9.2.4, as these versions contain the security fix that addresses the resource allocation issue in the Kibana Fleet component. [1]