CVE-2026-0530
published 2026-01-13
CVE-2026-0530: Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request…
Priority P3 36 · medium · 6.5 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.27% (19.0th percentile)
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or complete unavailability occurs.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | >= 7.10.0 < 7.17.29 | 7.17.29 |
| elastic | kibana | 7.10.0 – 7.17.29 | — |
| elastic | kibana | >= 8.0.0 < 8.19.10 | 8.19.10 |
| elastic | kibana | 8.0.0 – 8.19.9 | — |
| elastic | kibana | >= 9.0.0 < 9.1.10 | 9.1.10 |
| elastic | kibana | 9.0.0 – 9.1.9 | — |
| elastic | kibana | >= 9.2.0 < 9.2.4 | 9.2.4 |
| elastic | kibana | 9.2.0 – 9.2.3 | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 6.5 MEDIUM
GHSA
GHSA-fwvg-47gh-ppm7: Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted re
ghsa_unreviewed·2026-01-13
CVE-2026-0530 [MEDIUM] CWE-770 GHSA-fwvg-47gh-ppm7: Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted re
Red Hat
kibana: allocation of resources without limits or throttling via specially crafted request
vendor_redhat·2026-01-13·CVSS 6.5
CVE-2026-0530 [MEDIUM] CWE-770 kibana: allocation of resources without limits or throttling via specially crafted request
A flaw was found in Kibana Fleet. A remote attacker could exploit this vulnerability by sending a specially crafted request, leading to an excessive allocation of resources. This continuous consumption of system resources can result in service degradation or complete unavailability, effectively causing a Denial of Service (DoS).
Statement: This issue allows a remote attac
No detection rules found.
No public exploits indexed.