CVE-2026-42399
Uncontrolled Resource Consumption in Kibana via Excessive Allocation
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Elastic
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Uncontrolled Resource Consumption issue (CWE-400) in Kibana. It allows an authenticated user with low privileges to cause Kibana to consume exponentially increasing amounts of memory. This happens when the user submits a specially crafted Timelion visualization expression that contains deeply chained function calls. The data structure created grows without limit, which exhausts the available memory.
As a result, the Kibana service crashes and becomes unavailable to all users.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition. Because the vulnerability causes Kibana to consume excessive memory and crash, the service becomes unavailable to all users.
This can disrupt business operations that rely on Kibana for data visualization and monitoring.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring Kibana for signs of excessive memory consumption or service crashes, especially after authenticated users submit Timelion visualization expressions.
Specifically, detection involves identifying deeply chained function calls in Timelion visualizations submitted by low-privileged authenticated users, which cause exponential memory growth.
While no explicit commands are provided, administrators can monitor Kibana process memory usage with system tools such as `top` or `ps` on Linux, and check the Kibana logs for crashes or out-of-memory errors.
Additionally, reviewing Timelion visualization expressions for unusually complex or deeply chained function calls may help identify exploit attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Kibana to a fixed version: 8.19.16 or later for the 8.x branch, and 9.3.5 or later for the 9.x branch.
If upgrading immediately is not possible, restrict or disable access to the Timelion visualization feature for low-privileged authenticated users to prevent exploitation.
Monitor Kibana service health and memory usage closely to detect and respond to any signs of exploitation.