CVE-2026-33464
Published 2026-05-28
Priority: P4 | 34 | medium | 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.24% (15.6th percentile)
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | — | — |
| elastic | kibana | >= 8.0.0 < 8.19.16 | 8.19.16 |
| elastic | kibana | 8.0.0 – 8.19.15 | — |
| elastic | kibana | >= 9.0.0 < 9.3.5 | 9.3.5 |
| elastic | kibana | 9.0.0 – 9.3.4 | — |
| elastic | kibana | 9.4.0 – 9.4.0 | — |
VulDB
Elastic Kibana up to 8.19.15/9.3.4/9.4.0 resource consumption (EUVD-2026-33010)
vuldb·2026-05-28·CVSS 6.5
CVE-2026-33464 [MEDIUM] Elastic Kibana up to 8.19.15/9.3.4/9.4.0 resource consumption (EUVD-2026-33010)
A vulnerability described as problematic has been identified in Elastic Kibana up to 8.19.15/9.3.4/9.4.0. This issue affects some unknown processing. Such manipulation leads to resource consumption.
This vulnerability is traded as CVE-2026-33464. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-r7m3-v6c2-v4vr: Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130)
ghsa_unreviewed·2026-05-28
CVE-2026-33464 [MEDIUM] CWE-400 GHSA-r7m3-v6c2-v4vr: Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-28