CVE-2026-26934
Received Received - Intake
Denial of Service via Input Validation Flaw in Kibana

Publication date: 2026-02-26

Last updated on: 2026-03-02

Assigner: Elastic

Description
Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26934
EUVD
EUVD-2026-8863
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
elastic kibana 9.3.0
elastic kibana From 9.0.0 (inc) to 9.2.6 (exc)
elastic kibana From 8.18.0 (inc) to 8.19.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-26934 is a vulnerability in Kibana versions 8.18.0 through 8.19.11 and 9.0.0 through 9.2.5 caused by improper validation of specified quantity in input (CWE-1284).

An authenticated attacker with view-only privileges can send specially crafted, malformed payloads that cause excessive resource consumption, leading to Kibana becoming unresponsive or crashing.

This attack exploits input data manipulation techniques (CAPEC-153) and affects Kibana configurations where Index Management is enabled by default, requiring no special configuration.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) condition in Kibana by making it unresponsive or causing it to crash due to excessive resource consumption triggered by malformed input.

  • Kibana becoming unresponsive or crashing.
  • Sudden spikes in CPU or memory usage.
  • Potential disruption of services relying on Kibana availability.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for indicators of compromise such as unusually large POST request bodies (e.g., over 100KB), sudden spikes in CPU or memory usage, unresponsiveness linked to requests to the enrich policies endpoint, and Kibana process crashes or restarts correlated with suspicious API requests.'}, {'type': 'paragraph', 'content': "Commands to detect this may include monitoring network traffic for large POST requests and checking system resource usage. For example, using tools like tcpdump or Wireshark to filter POST requests exceeding 100KB, and using system monitoring commands such as 'top', 'htop', or 'vmstat' to observe CPU and memory spikes."}, {'type': 'paragraph', 'content': 'Additionally, reviewing Kibana logs for crashes or restarts and suspicious API calls to the enrich policies endpoint can help identify exploitation attempts.'}] [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Kibana to versions 8.19.12, 9.2.6, or 9.3.1 where the vulnerability is fixed.

If upgrading immediately is not possible, you should closely monitor server resource utilization, restrict authenticated access to trusted users only, and implement application-layer request size limits if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26934. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart