CVE-2026-26935
Improper Input Validation in Kibana Content Connectors Causes DoS
Publication date: 2026-02-26
Last updated on: 2026-03-02
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | 9.3.0 |
| elastic | kibana | From 9.0.0 (inc) to 9.2.6 (exc) |
| elastic | kibana | From 8.4.0 (inc) to 8.19.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-26935 is an improper input validation vulnerability (CWE-20) found in Kibana's internal Content Connectors search endpoint."}, {'type': 'paragraph', 'content': 'This flaw allows an attacker to manipulate input data in a way that causes a Denial of Service (DoS) condition, making the service unavailable.'}, {'type': 'paragraph', 'content': 'The vulnerability affects Kibana versions 8.x from 8.4.0 through 8.19.11, and 9.x from 9.0.0 through 9.2.5, as well as version 9.3.0, but only if Content Connectors are configured and accessible.'}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by causing a Denial of Service (DoS) on your Kibana deployment if the Content Connectors feature is enabled.
An attacker with the required privileges can exploit this flaw remotely to disrupt availability, making the affected service or feature unusable.
There is no impact on confidentiality or integrity, but the availability of the service is highly affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability affects Kibana's internal Content Connectors search endpoint and can cause a Denial of Service via input data manipulation. Detection involves identifying if your Kibana deployment is within the affected versions and if the Content Connectors feature is configured and accessible."}, {'type': 'paragraph', 'content': 'Since the endpoint is internal and only accessible if Content Connectors are configured, you can check your Kibana version and configuration to assess exposure.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Kibana to versions 8.19.12, 9.2.6, or 9.3.1 where the issue is resolved.
If upgrading is not immediately possible, restrict access to the Content Connectors feature by:
- Creating custom roles that exclude Content Connectors privileges.
- Removing the viewer role from users who do not require access to Content Connectors.
- Applying more granular feature-level privilege controls to limit exposure.