Kibana — Vulnerabilities & Security Advisories 97

All 97 CVE vulnerabilities found in Kibana, with AI-generated Chinese analysis, references, and POCs.

Vendor: Elastic

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33458 | Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure | CWE-918 | 6.8 | Medium | 2026-04-08 |
| CVE-2026-33459 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-33460 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-33461 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 7.7 | High | 2026-04-08 |
| CVE-2026-4498 | Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope | CWE-250 | 7.7 | High | 2026-04-08 |
| CVE-2026-26940 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26939 | Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26938 | Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) | CWE-1336 | 8.6 | High | 2026-02-26 |
| CVE-2026-26937 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26936 | Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service | CWE-1333 | 4.9 | Medium | 2026-02-26 |
| CVE-2026-26935 | Improper Input Validation in Kibana Leading to Denial of Service | CWE-20 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26934 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-0532 | External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector | CWE-918 | 8.6 | High | 2026-01-14 |
| CVE-2026-0543 | Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation | CWE-20 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0531 | Allocation of Resources Without Limits or Throttling in Kibana Fleet | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0530 | Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2025-68422 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68386 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68389 | Kibana Allocation of Resources Without Limits or Throttling | CWE-770 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-68387 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2025-68385 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 7.2 | High | 2025-12-18 |
| CVE-2025-37732 | Kibana Cross-site Scripting via the Integration Package Upload Functionality | CWE-79 | 5.4 | Medium | 2025-12-15 |
| CVE-2025-37734 | Kibana Origin Validation Error | CWE-346 | 4.3 | Medium | 2025-11-12 |
| CVE-2025-37735 | Elastic Defend Security Vulnerability | CWE-281 | 7.0 | High | 2025-11-06 |
| CVE-2025-25017 | Kibana Stored Cross-Site Scripting (XSS) | CWE-79 | 8.2 | High | 2025-10-10 |
| CVE-2025-25018 | Kibana Stored Cross-Site Scripting (XSS) | CWE-79 | 8.7 | High | 2025-10-10 |
| CVE-2025-25009 | Kibana Cross-Site Scripting (XSS) | CWE-79 | 8.7 | High | 2025-10-07 |
| CVE-2025-37728 | Kibana Insufficiently Protected Credentials in the CrowdStrike Connector | CWE-522 | 5.4 | Medium | 2025-10-07 |
| CVE-2025-25010 | Kibana privilege escalation via reporting_user role | CWE-863 | 6.5 | Medium | 2025-08-28 |
| CVE-2025-25012 | Kibana Open Redirect | CWE-601 | 4.3 | Medium | 2025-06-25 |

All 97 known CVE vulnerabilities affecting Kibana with full Chinese analysis, references, and POCs where available.