CVE-2026-0543
Unknown Unknown - Not Provided

Improper Input Validation in Kibana Email Connector Causes DoS

Vulnerability report for CVE-2026-0543, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Elastic

Description

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
elastic kibana From 8.0.0 (inc) to 8.19.9 (inc)
elastic kibana From 9.0.0 (inc) to 9.1.9 (inc)
elastic kibana From 9.2.0 (inc) to 9.2.3 (inc)
elastic kibana 8.19.10
elastic kibana 9.1.10
elastic kibana 9.2.4

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Input Validation issue in Kibana's Email Connector. It allows an attacker with authenticated view-level privileges to cause excessive memory allocation by providing a specially crafted email address parameter. This leads to the application attempting to process the malformed email format, resulting in complete service unavailability until a manual restart is performed.

Impact Analysis

The vulnerability can cause complete service unavailability for all users of Kibana until the service is manually restarted. This denial of service can disrupt operations and access to the application.

Mitigation Strategies

To mitigate this vulnerability, ensure that only trusted users have authenticated access with view-level privileges to execute connector actions. Monitor and restrict the use of the Email Connector to prevent processing of specially crafted email addresses. If service unavailability occurs, perform a manual restart of the Kibana service to restore availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0543. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart