CVE-2026-33459Uncontrolled Resource Consumption in Kibana

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 86.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedApr 8

Description

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDelastic/kibana8.15.08.19.14+2
CVEListV5elastic/kibana9.3.09.3.2+2

🔴Vulnerability Details

2
GHSA
GHSA-p635-f626-pv4p: Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130)2026-04-08
CVEList
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service2026-04-08

🕵️Threat Intelligence

1
Wiz
CVE-2026-33459 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-33459 — Uncontrolled Resource Consumption | cvebase