CVE-2026-26935
Received Received - Intake
Improper Input Validation in Kibana Content Connectors Causes DoS

Publication date: 2026-02-26

Last updated on: 2026-03-02

Assigner: Elastic

Description
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26935
EUVD
EUVD-2026-8865
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
elastic kibana 9.3.0
elastic kibana From 9.0.0 (inc) to 9.2.6 (exc)
elastic kibana From 8.4.0 (inc) to 8.19.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-26935 is an improper input validation vulnerability (CWE-20) found in Kibana's internal Content Connectors search endpoint."}, {'type': 'paragraph', 'content': 'This flaw allows an attacker to manipulate input data in a way that causes a Denial of Service (DoS) condition, making the service unavailable.'}, {'type': 'paragraph', 'content': 'The vulnerability affects Kibana versions 8.x from 8.4.0 through 8.19.11, and 9.x from 9.0.0 through 9.2.5, as well as version 9.3.0, but only if Content Connectors are configured and accessible.'}] [1]

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) on your Kibana deployment if the Content Connectors feature is enabled.

An attacker with the required privileges can exploit this flaw remotely to disrupt availability, making the affected service or feature unusable.

There is no impact on confidentiality or integrity, but the availability of the service is highly affected.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability affects Kibana's internal Content Connectors search endpoint and can cause a Denial of Service via input data manipulation. Detection involves identifying if your Kibana deployment is within the affected versions and if the Content Connectors feature is configured and accessible."}, {'type': 'paragraph', 'content': 'Since the endpoint is internal and only accessible if Content Connectors are configured, you can check your Kibana version and configuration to assess exposure.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the available resources.'}] [1]

Mitigation Strategies

To mitigate this vulnerability, upgrade Kibana to versions 8.19.12, 9.2.6, or 9.3.1 where the issue is resolved.

If upgrading is not immediately possible, restrict access to the Content Connectors feature by:

  • Creating custom roles that exclude Content Connectors privileges.
  • Removing the viewer role from users who do not require access to Content Connectors.
  • Applying more granular feature-level privilege controls to limit exposure.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26935. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart