CVE-2026-33459
published 2026-04-08


Priority: P4 | 34 | medium | 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.24% (15.0th percentile)
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | >= 8.15.0 < 8.19.14 | 8.19.14 |
| elastic | kibana | 8.15.0 – 8.19.13 | |
| elastic | kibana | >= 9.0.0 < 9.2.8 | 9.2.8 |
| elastic | kibana | 9.0.0 – 9.2.7 | |
| elastic | kibana | >= 9.3.0 < 9.3.3 | 9.3.3 |
| elastic | kibana | 9.3.0 – 9.3.2 | |