wid-sec-w-2026-0545 · Published 2026-02-26 · View on BSI CERT-Bund
Kibana: Multiple Vulnerabilities Allow Denial of Service and Information Disclosure
CVSS 8.6 (HIGH)
Risk Summary
Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.
Affected Vendors
Open Source
Affected Products (10)
Open Source · Kibana <8.19.12
Open Source · Kibana 8.19.12
Open Source · Kibana <9.2.6
Open Source · Kibana 9.2.6
Open Source · Kibana <9.3.1
Open Source · Kibana 9.3.1
Open Source · Kibana <8.19.11
Open Source · Kibana 8.19.11
Open Source · Kibana <9.2.5
Open Source · Kibana 9.2.5