CVE-2026-33464
Status: Analyzed (analysis complete)
Uncontrolled Resource Consumption in Kibana via Excessive Allocation

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: Elastic

Description
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.
Meta Information
Generated: 2026-06-18
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-16
Affected Vendors & Products
3 associated CPEs

Vendor   Product   Version / Range
elastic  kibana    from 8.0.0 (inclusive) to 8.19.16 (exclusive)
elastic  kibana    from 9.0.0 (inclusive) to 9.3.5 (exclusive)
elastic  kibana    9.4.0
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability can cause a denial of service in Kibana, making the service unresponsive to all users. This happens because the system resources are exhausted by the oversized payload submitted by an authenticated low-privileged user. The impact is that Kibana will stop functioning properly until it is either restarted or recovers on its own, potentially disrupting operations that depend on Kibana.

Executive Summary

CVE-2026-33464 is a vulnerability in Kibana that allows an authenticated user with a low-privileged role to cause a denial of service. This is done by submitting a specially crafted, oversized payload to an internal Kibana API, which leads to uncontrolled resource consumption. As a result, the Kibana process exhausts available system resources and becomes unresponsive to all users until it recovers or is restarted.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Kibana to a patched version. The vulnerability is fixed in Kibana versions 8.19.16, 9.3.5, and 9.4.1.

  • Upgrade Kibana to version 8.19.16 or later if you are using the 8.x series.
  • Upgrade Kibana to version 9.3.5 or later if you are using the 9.x series (9.4.0 installations upgrade to 9.4.1).
  • Until the upgrade is applied, limit authenticated access to trusted users, paying particular attention to accounts holding the Viewer role or higher, since a low-privileged authenticated user is sufficient to trigger the condition.

Note that Elastic Cloud Serverless deployments are not affected due to their continuous deployment and patching model.
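The following is an added example, not code from the advisory or from Elastic, that encodes the affected ranges from the CPE table above and the fixed versions named in the mitigation text, so an operator can check an installed Kibana version before deciding whether to upgrade. It assumes semantic `major.minor.patch` version strings; any pre-release or build suffix is ignored, and the end of the 9.4.0 range is inferred from the statement that 9.4.1 is fixed.

```python
"""Check a Kibana version string against the affected ranges for CVE-2026-33464."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the page's CPE table: (start inclusive, end exclusive).
# 9.4.0 is listed as a single affected version; its range ends at the fixed 9.4.1.
AFFECTED_RANGES = [
    ((8, 0, 0), (8, 19, 16)),
    ((9, 0, 0), (9, 3, 5)),
    ((9, 4, 0), (9, 4, 1)),
]

# Optional "v" prefix, three numeric components, optional "-pre" / "+build" suffix (ignored).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if the version falls inside any affected range."""
    version = parse_version(text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def recommended_upgrade(text: str) -> Optional[str]:
    """Smallest fixed release on the same branch, or None if the version is not affected."""
    version = parse_version(text)
    if not is_affected(text):
        return None
    if version[0] == 8:
        return "8.19.16"
    if version[:2] == (9, 4):
        return "9.4.1"
    return "9.3.5"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("8.17.3", "8.19.16", "9.2.0", "9.4.0", "9.4.1", "7.17.0"):
        print(f"{sample:>8}: affected={is_affected(sample)} upgrade_to={recommended_upgrade(sample)}")
```

Feed it the version reported by the running instance (for example the `version` field of Kibana's status API response) rather than a package manifest, since a rolling upgrade can leave nodes on different releases.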

Detection Guidance

This vulnerability can be detected by monitoring for signs of excessive resource consumption or unresponsiveness in the Kibana service, especially after authenticated users with low-privileged roles interact with internal Kibana APIs.

Since the vulnerability involves submission of specially crafted oversized payloads, detection can involve monitoring Kibana logs for unusually large API requests or spikes in resource usage (CPU, memory) related to Kibana processes.

Specific commands to help detect this condition include:

  • Use system monitoring tools like 'top' or 'htop' to observe Kibana process resource usage.
  • Use 'ps aux | grep kibana' to check Kibana process status and resource consumption.
  • Check Kibana logs for large or malformed API requests, for example: 'grep -i "payload" /var/log/kibana/kibana.log' or similar log paths.
  • Use network monitoring tools like 'tcpdump' or 'wireshark' to capture and analyze oversized payloads sent to Kibana's internal APIs.
  • If available, enable Kibana audit logging to track authenticated user actions and detect suspicious oversized requests.
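To make the log-review bullet concrete, here is an added example (not from the advisory or from Elastic) that scans ECS-style JSON log lines for oversized authenticated requests and totals request bytes per user. The sample lines are constructed; the field names `user.name`, `url.path` and `http.request.body.bytes` are assumed ECS-style names rather than a guaranteed Kibana schema, the `/internal/PLACEHOLDER_ENDPOINT` path is a placeholder because the advisory does not name the affected API, and the 10 MiB threshold is an arbitrary starting point to be tuned against your own baseline.

```python
"""Flag oversized API requests in ECS-style JSON logs (constructed sample, assumed field names)."""
import json
from collections import defaultdict
from typing import Any, Dict, Iterable, List, Tuple

# Constructed example threshold; tune to the request sizes that are normal for your deployment.
DEFAULT_THRESHOLD_BYTES = 10 * 1024 * 1024

# Constructed sample log lines. Field names are assumed ECS-style names, not a
# guaranteed Kibana schema; the endpoint path is a placeholder.
SAMPLE_LOG = """\
{"@timestamp":"2026-05-30T10:00:01Z","user":{"name":"alice"},"url":{"path":"/api/saved_objects/_find"},"http":{"request":{"method":"GET","body":{"bytes":0}},"response":{"status_code":200}}}
{"@timestamp":"2026-05-30T10:00:02Z","user":{"name":"bob"},"url":{"path":"/internal/PLACEHOLDER_ENDPOINT"},"http":{"request":{"method":"POST","body":{"bytes":52428800}},"response":{"status_code":503}}}
not a json line
{"@timestamp":"2026-05-30T10:00:03Z","user":{"name":"bob"},"url":{"path":"/internal/PLACEHOLDER_ENDPOINT"},"http":{"request":{"method":"POST","body":{"bytes":62914560}},"response":{"status_code":503}}}
{"@timestamp":"2026-05-30T10:00:04Z","user":{"name":"carol"},"url":{"path":"/api/status"},"http":{"request":{"method":"GET","body":{"bytes":0}},"response":{"status_code":200}}}
"""


def _field(event: Dict[str, Any], dotted: str, default: Any = None) -> Any:
    """Look up a nested value by dotted path, e.g. 'http.request.body.bytes'."""
    node: Any = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def parse_events(lines: Iterable[str]) -> Tuple[List[Dict[str, Any]], int]:
    """Parse JSON lines; returns (events, count of non-JSON lines skipped)."""
    events: List[Dict[str, Any]] = []
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            skipped += 1
    return events, skipped


def oversized_requests(lines: Iterable[str],
                       threshold_bytes: int = DEFAULT_THRESHOLD_BYTES) -> List[Dict[str, Any]]:
    """Return one record per request whose body size exceeds the threshold."""
    events, _ = parse_events(lines)
    hits = []
    for ev in events:
        size = _field(ev, "http.request.body.bytes", 0) or 0
        if size > threshold_bytes:
            hits.append({
                "timestamp": _field(ev, "@timestamp"),
                "user": _field(ev, "user.name", "<unauthenticated>"),
                "path": _field(ev, "url.path"),
                "bytes": size,
                "status": _field(ev, "http.response.status_code"),
            })
    return hits


def bytes_per_user(lines: Iterable[str]) -> Dict[str, int]:
    """Total request body bytes per user, to spot one account dominating the input volume."""
    events, _ = parse_events(lines)
    totals: Dict[str, int] = defaultdict(int)
    for ev in events:
        user = _field(ev, "user.name", "<unauthenticated>")
        totals[user] += _field(ev, "http.request.body.bytes", 0) or 0
    return dict(totals)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for hit in oversized_requests(lines):
        print(f"{hit['timestamp']} user={hit['user']} path={hit['path']} "
              f"bytes={hit['bytes']} status={hit['status']}")
    print("request bytes per user:", bytes_per_user(lines))
```

Run it against the JSON log stream Kibana actually emits in your deployment after mapping the three field names to what your logging configuration produces; the per-user totals are the more useful signal for this CVE, since a single low-privileged account repeatedly sending large bodies is the pattern the advisory describes.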