CVE-2026-26937
Uncontrolled Resource Consumption in Kibana Timelion Causes DoS
Publication date: 2026-02-26
Last updated on: 2026-03-02
Assigner: Elastic
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | From 8.0.0 (inc) to 8.19.11 (exc) |
| elastic | kibana | From 9.0.0 (inc) to 9.2.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26937 is an Uncontrolled Resource Consumption vulnerability (CWE-400) found in the Timelion component of Kibana. It allows attackers to manipulate input data to cause excessive resource consumption, which can lead to a Denial of Service (DoS) condition.
Timelion is a legacy visualization feature enabled by default in Kibana installations. The vulnerability affects Kibana versions from 8.0.0 up to 8.19.10 and from 9.0.0 up to 9.2.4.
How can this vulnerability impact me?
This vulnerability can impact you by causing a Denial of Service (DoS) on your Kibana service. Attackers can exploit the vulnerability by manipulating input data to consume excessive resources, which disrupts the availability of the service.
The CVSS v3.1 score is 6.5, indicating a medium severity with high impact on availability but no impact on confidentiality or integrity.
If you are unable to upgrade to a fixed version, you can mitigate the risk by disabling the Timelion plugin via the configuration setting `vis_type_timelion.enabled: false` in the kibana.yml file, unless you are using Elastic Cloud hosted environments where disabling Timelion is not possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no signature for the malicious input itself, so detection rests on two things: knowing which Kibana instances run an affected version with Timelion still enabled, and watching the Kibana process for the resource exhaustion the flaw produces.
Inventory first: compare each instance's version (for example as reported by the Kibana status API, or by the installed package) against the affected ranges 8.0.0 to 8.19.10 and 9.0.0 to 9.2.4, and check whether kibana.yml sets `vis_type_timelion.enabled: false`. At runtime, correlate CPU and memory spikes or unresponsiveness of the Kibana process with requests to the Timelion endpoint (`/api/timelion/run`) in Kibana's logs and in any reverse-proxy access logs in front of it.
The advisory itself provides no commands for detecting this vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade Kibana to 8.19.11 or later on the 8.x line, or to 9.2.5 or later on the 9.x line, where the issue is resolved.
If upgrading is not possible and you are a self-managed customer who does not use Timelion visualizations, you can disable the Timelion plugin by setting `vis_type_timelion.enabled: false` in the kibana.yml configuration file.
Note that disabling Timelion is not possible in Elastic Cloud hosted environments, so upgrading to a patched version is strongly recommended in those cases.
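The two answers above (the detection answer and the mitigation answer) both come down to the same operator check: is this instance inside the affected ranges from the table, and is the documented workaround already in kibana.yml? The following is an added example that is not part of the advisory or of Elastic's own tooling. It assumes the JSON body of Kibana's `GET /api/status` endpoint (which reports the running version under `version.number`) and the text of kibana.yml; both sample inputs are constructed for the example, and the YAML scan is a deliberate simplification rather than a full parser.

```python
"""
Hypothetical helper (added example, not from the advisory or from Elastic)
that decides whether a Kibana instance is in the CVE-2026-26937 affected
ranges and whether the documented workaround is already in place.
"""
import json
import re

# Affected ranges from the advisory table: [8.0.0, 8.19.11) and [9.0.0, 9.2.5).
AFFECTED_RANGES = [
    ((8, 0, 0), (8, 19, 11)),
    ((9, 0, 0), (9, 2, 5)),
]


def parse_version(text):
    """Turn '8.19.10' (a pre-release suffix such as '-SNAPSHOT' is ignored) into a tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version lies in any affected range (lower bound inclusive, upper exclusive)."""
    v = parse_version(version) if isinstance(version, str) else version
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def timelion_disabled(kibana_yml):
    """
    True only if kibana.yml contains an uncommented top-level line
    'vis_type_timelion.enabled: false'.  This is a simple line scan, not a
    YAML parser: nested or quoted spellings are not recognised and are
    treated conservatively as 'still enabled'.
    """
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^vis_type_timelion\.enabled\s*:\s*(\S+)$", line)
        if m:
            return m.group(1).lower() == "false"
    return False


def assess(status_json, kibana_yml):
    """Combine both checks into an operator-facing verdict."""
    version = json.loads(status_json)["version"]["number"]
    affected = is_affected(version)
    disabled = timelion_disabled(kibana_yml)
    if not affected:
        verdict = "not affected"
    elif disabled:
        verdict = "affected version, Timelion disabled (workaround in place)"
    else:
        verdict = "affected version, Timelion enabled: upgrade or disable"
    return {
        "version": version,
        "affected": affected,
        "timelion_disabled": disabled,
        "verdict": verdict,
    }


# Constructed sample inputs for this example (not captured from a real system).
SAMPLE_STATUS = json.dumps(
    {"name": "kibana-1", "version": {"number": "8.19.10", "build_hash": "0000000"}}
)
SAMPLE_YML_DEFAULT = 'server.host: "0.0.0.0"\n# vis_type_timelion.enabled: false\n'
SAMPLE_YML_HARDENED = 'server.host: "0.0.0.0"\nvis_type_timelion.enabled: false\n'

if __name__ == "__main__":
    for yml in (SAMPLE_YML_DEFAULT, SAMPLE_YML_HARDENED):
        print(assess(SAMPLE_STATUS, yml))
```

The commented-out setting in the first sample is the common trap: the default Kibana configuration ships with many keys present but commented, so a grep that ignores the leading `#` would report the workaround as applied when it is not. For Elastic Cloud hosted deployments the YAML check is moot, as the advisory notes, and only the version comparison matters.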