CVE-2026-26934
Denial of Service via Input Validation Flaw in Kibana
Publication date: 2026-02-26
Last updated on: 2026-03-02
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | 9.3.0 |
| elastic | kibana | From 9.0.0 (inc) to 9.2.6 (exc) |
| elastic | kibana | From 8.18.0 (inc) to 8.19.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26934 is a vulnerability in Kibana versions 8.18.0 through 8.19.11 and 9.0.0 through 9.2.5 caused by improper validation of specified quantity in input (CWE-1284).
An authenticated attacker with view-only privileges can send specially crafted, malformed payloads that cause excessive resource consumption, leading to Kibana becoming unresponsive or crashing.
This attack exploits input data manipulation techniques (CAPEC-153) and affects Kibana configurations where Index Management is enabled by default, requiring no special configuration.
How can this vulnerability impact me? :
This vulnerability can cause a Denial of Service (DoS) condition in Kibana by making it unresponsive or causing it to crash due to excessive resource consumption triggered by malformed input.
- Kibana becoming unresponsive or crashing.
- Sudden spikes in CPU or memory usage.
- Potential disruption of services relying on Kibana availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for indicators of compromise such as unusually large POST request bodies (e.g., over 100KB), sudden spikes in CPU or memory usage, unresponsiveness linked to requests to the enrich policies endpoint, and Kibana process crashes or restarts correlated with suspicious API requests.'}, {'type': 'paragraph', 'content': "Commands to detect this may include monitoring network traffic for large POST requests and checking system resource usage. For example, using tools like tcpdump or Wireshark to filter POST requests exceeding 100KB, and using system monitoring commands such as 'top', 'htop', or 'vmstat' to observe CPU and memory spikes."}, {'type': 'paragraph', 'content': 'Additionally, reviewing Kibana logs for crashes or restarts and suspicious API calls to the enrich policies endpoint can help identify exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Kibana to versions 8.19.12, 9.2.6, or 9.3.1 where the vulnerability is fixed.
If upgrading immediately is not possible, you should closely monitor server resource utilization, restrict authenticated access to trusted users only, and implement application-layer request size limits if possible.