CVE-2026-0543
published 2026-01-13CVE-2026-0543: Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted…
PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.37%
28.9th percentile
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | 7.0.0 – 7.17.29 | — |
| elastic | kibana | >= 8.0.0 < 8.19.0 | 8.19.0 |
| elastic | kibana | 8.0.0 – 8.19.9 | — |
| elastic | kibana | >= 9.0.0 < 9.1.10 | 9.1.10 |
| elastic | kibana | 9.0.0 – 9.1.9 | — |
| elastic | kibana | >= 9.2.0 < 9.2.4 | 9.2.4 |
| elastic | kibana | 9.2.0 – 9.2.3 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Kibana: Kibana: Denial of Service due to improper input validation in Email Connector
vendor_redhat·2026-01-13·CVSS 6.5
CVE-2026-0543 [MEDIUM] CWE-20 Kibana: Kibana: Denial of Service due to improper input validation in Email Connector
Kibana: Kibana: Denial of Service due to improper input validation in Email Connector
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
A flaw was found in Kibana's Email Connector. An authenticated attacker with view-level privileges can exploit this vulnerability by providing a specially crafted email address parameter. This improper input validation can lead to an excessive
GHSA
GHSA-p2g6-3qpg-4v6h: Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially
ghsa_unreviewed·2026-01-13
CVE-2026-0543 [MEDIUM] CWE-20 GHSA-p2g6-3qpg-4v6h: Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
Suricata
ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2
suricata·2026-01-27·CVSS 10.0
CVE-2022-0543 [CRITICAL] ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2
ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2
Rule: alert tcp any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2"; flow:established,to_server; content:"package|2e|loadlib|28|"; fast_pattern; content:"|22|luaopen_"; within:200; reference:cve,2022-0543; classtype:attempted-admin; sid:2067133; rev:1; metadata:attack_target Server, created_at 2026_01_27, cve CVE_2022_0543, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_27, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
No public exploits indexed.
2026-01-13
Published