CVE-2026-42399
Status: Analyzed - Analysis Complete
Uncontrolled Resource Consumption in Kibana via Excessive Allocation

Publication date: 2026-05-28

Last updated on: 2026-06-01

Assigner: Elastic

Description
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression containing deeply chained function calls. The resulting data structure grows without bound, exhausting available memory and causing the Kibana service to crash and become unavailable to all users.
Meta Information
Published: 2026-05-28
Last Modified: 2026-06-01
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
NVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor   Product  Version / Range
elastic  kibana   From 8.0.0 (inc) to 8.19.16 (exc)
elastic  kibana   From 9.0.0 (inc) to 9.3.5 (exc)
CWE ID   Description
CWE-400  The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

This vulnerability is an Uncontrolled Resource Consumption issue (CWE-400) in Kibana. It allows an authenticated user with low privileges to cause Kibana to consume exponentially increasing amounts of memory. This happens when the user submits a specially crafted Timelion visualization expression that contains deeply chained function calls. The data structure created grows without limit, which exhausts the available memory.

As a result, the Kibana service crashes and becomes unavailable to all users.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. Because the vulnerability causes Kibana to consume excessive memory and crash, the service becomes unavailable to all users.

This can disrupt business operations that rely on Kibana for data visualization and monitoring.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring Kibana for signs of excessive memory consumption or service crashes, especially after authenticated users submit Timelion visualization expressions.

Specifically, detection involves identifying deeply chained function calls in Timelion visualizations submitted by low-privileged authenticated users, which cause exponential memory growth.

No detection commands are published for this CVE, but administrators can monitor Kibana process memory usage with system tools such as 'top' or 'ps' on Linux, and check Kibana logs for crash or out-of-memory errors.

Additionally, reviewing Timelion visualization expressions for unusually complex or deeply chained function calls may help identify exploit attempts.
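The review of saved Timelion expressions suggested above can be scripted. The following is an added example, not code from Elastic or from this advisory: it walks a Kibana saved-objects export (NDJSON), pulls the Timelion expression out of each visualization's visState, and flags expressions whose number of chained function calls or parenthesis nesting exceeds a threshold. The thresholds (MAX_CALLS, MAX_NESTING), the regular expression for a chained call, the assumed visState layout (a JSON string with type "timelion" and params.expression), and the sample export are all constructed assumptions; tune the thresholds to the longest expression your own dashboards legitimately use.

```python
import json
import re

# One chained Timelion function call, e.g. ".es(" or ".label(" (assumed grammar).
CALL_RE = re.compile(r"\.([A-Za-z_]\w*)\s*\(")

# Constructed thresholds: anything above these is worth a manual look.
MAX_CALLS = 25
MAX_NESTING = 5


def analyze_expression(expr):
    """Return (chained_call_count, max_paren_nesting) for a Timelion expression.

    Parentheses inside quoted strings are ignored so a label such as
    .label("(1)") does not inflate the nesting depth.
    """
    calls = len(CALL_RE.findall(expr))
    depth = 0
    max_depth = 0
    in_string = None
    for ch in expr:
        if in_string:
            if ch == in_string:
                in_string = None
            continue
        if ch in ('"', "'"):
            in_string = ch
        elif ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == ")":
            depth = max(0, depth - 1)
    return calls, max_depth


def audit_saved_objects(ndjson_text, max_calls=MAX_CALLS, max_nesting=MAX_NESTING):
    """Return a list of findings for Timelion visualizations that exceed the thresholds.

    ndjson_text is the content of a Kibana saved-objects export; lines that are
    not visualizations (including the trailing export summary) are skipped.
    """
    findings = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if obj.get("type") != "visualization":
            continue
        attrs = obj.get("attributes", {})
        try:
            vis_state = json.loads(attrs.get("visState", "{}"))
        except json.JSONDecodeError:
            continue  # malformed visState: not a Timelion expression we can inspect
        if vis_state.get("type") != "timelion":
            continue
        expr = vis_state.get("params", {}).get("expression", "")
        calls, nesting = analyze_expression(expr)
        if calls > max_calls or nesting > max_nesting:
            findings.append({
                "id": obj.get("id"),
                "title": attrs.get("title"),
                "calls": calls,
                "nesting": nesting,
            })
    return findings


def _make_saved_object(obj_id, title, expression):
    """Build one constructed saved-object line in the assumed export layout."""
    vis_state = {"type": "timelion", "title": title,
                 "params": {"expression": expression, "interval": "auto"}}
    return json.dumps({"id": obj_id, "type": "visualization",
                       "attributes": {"title": title, "visState": json.dumps(vis_state)}})


# Constructed sample export: one ordinary chart and one with an implausibly long chain.
SAMPLE_EXPORT = "\n".join([
    _make_saved_object("vis-1", "Requests", '.es(index=logs-*, metric=count).label("requests")'),
    _make_saved_object("vis-2", "Chained", ".es(*)" + ".abs()" * 60),
    json.dumps({"exportedCount": 2, "missingRefCount": 0, "missingReferences": []}),
])

if __name__ == "__main__":
    for finding in audit_saved_objects(SAMPLE_EXPORT):
        print(f"{finding['id']} ({finding['title']}): "
              f"{finding['calls']} chained calls, nesting {finding['nesting']}")
```

Run it against a real export (for example the file produced by the saved-objects export API, redirected to disk) by replacing SAMPLE_EXPORT with the file contents; any hit is a candidate for review, not proof of an exploit attempt, since the script only measures expression shape.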

Mitigation Strategies

The immediate mitigation step is to upgrade Kibana to a fixed version: 8.19.16 or later for the 8.x branch, and 9.3.5 or later for the 9.x branch.

If upgrading immediately is not possible, restrict or disable access to the Timelion visualization feature for low-privileged authenticated users to prevent exploitation.

Monitor Kibana service health and memory usage closely to detect and respond to any signs of exploitation.
