
Kibana — Vulnerabilities & Security Advisories 107

All 107 CVE vulnerabilities found in Kibana, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for Elastic Kibana, focusing on common weakness classifications. It collects a comprehensive list of reported security flaws affecting the Kibana dashboard and visualization platform, covering incidents from its initial release through the most recent updates in the current year. By consolidating these entries, the resource provides a unified view of the security landscape for this specific open-source data visualization tool. Users can track vendor advisories issued by Elastic to understand the timeline of discovery and remediation for critical issues. The page also allows readers to understand a weakness class by examining how specific vulnerabilities, such as cross-site scripting or authorization bypasses, have manifested in different versions of the software. Furthermore, users can look up a product's vulnerability history to assess the overall security posture and remediation practices over time. This structured approach helps security professionals, developers, and system administrators evaluate risks associated with their Kibana deployments. The data is organized to facilitate quick reference and deeper analysis of the types of flaws that have impacted the product, enabling informed decisions regarding patching and upgrade strategies. This aggregation serves as a historical record and a practical reference for maintaining the integrity of Kibana environments without requiring users to search multiple disparate sources for security information.

Vendor: Elastic

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-49093 | Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access | CWE-918 | 6.3 | Medium | 2026-05-28 |
| CVE-2026-49094 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-49095 | Improper Input Validation in Kibana Fleet Leading to Privilege Escalation | CWE-20 | 7.2 | Medium | 2026-05-28 |
| CVE-2026-42398 | Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access | CWE-918 | 7.7 | High | 2026-05-28 |
| CVE-2026-42399 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-42400 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-42401 | Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection | CWE-79 | 4.1 | Medium | 2026-05-28 |
| CVE-2026-33463 | Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access | CWE-672 | 5.3 | Medium | 2026-05-28 |
| CVE-2026-33464 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-33462 | Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts | CWE-22 | 4.6 | Medium | 2026-05-28 |
| CVE-2026-33458 | Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure | CWE-918 | 6.8 | Medium | 2026-04-08 |
| CVE-2026-33459 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-33460 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-33461 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 7.7 | High | 2026-04-08 |
| CVE-2026-4498 | Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope | CWE-250 | 7.7 | High | 2026-04-08 |
| CVE-2026-26940 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26939 | Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26938 | Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) | CWE-1336 | 8.6 | High | 2026-02-26 |
| CVE-2026-26937 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26936 | Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service | CWE-1333 | 4.9 | Medium | 2026-02-26 |
| CVE-2026-26935 | Improper Input Validation in Kibana Leading to Denial of Service | CWE-20 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26934 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-0532 | External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector | CWE-918 | 8.6 | High | 2026-01-14 |
| CVE-2026-0543 | Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation | CWE-20 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0531 | Allocation of Resources Without Limits or Throttling in Kibana Fleet | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0530 | Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2025-68422 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68386 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68389 | Kibana Allocation of Resources Without Limits or Throttling | CWE-770 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-68387 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 6.1 | Medium | 2025-12-18 |

All 107 known CVE vulnerabilities affecting Kibana with full Chinese analysis, references, and POCs where available.