Kibana — Vulnerabilities & Security Advisories (107)

All 107 CVE vulnerabilities found in Kibana, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities for the Kibana product, categorized under various weakness types and associated tags. It aggregates a comprehensive collection of common platform and software vulnerabilities affecting this specific visualization and logging platform. The data covers security issues reported and tracked from the early adoption of the product through recent years, ensuring a broad historical perspective on its security posture. Users can utilize this resource to track vendor advisories from Elastic regarding specific fixes and mitigations. It also allows for a deeper understanding of specific weakness classes that have impacted the product over time. Additionally, researchers and security analysts can look up the product's vulnerability history to identify trends, frequency of disclosures, and the evolution of security patches. This aggregated view supports informed decision-making for administrators managing Kibana deployments and helps security teams assess risk exposure based on past incident data. The focus remains strictly on factual vulnerability data to facilitate accurate risk assessment and remediation planning without unnecessary noise. By centralizing this information, the page serves as a vital reference for maintaining the integrity and security of Kibana installations in various operational environments. It emphasizes transparency and accessibility of security information for the broader community.

Vendor: Elastic

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-49093 | Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access | CWE-918 | 6.3 | Medium | 2026-05-28 |
| CVE-2026-49094 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-49095 | Improper Input Validation in Kibana Fleet Leading to Privilege Escalation | CWE-20 | 7.2 | Medium | 2026-05-28 |
| CVE-2026-42398 | Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access | CWE-918 | 7.7 | High | 2026-05-28 |
| CVE-2026-42399 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-42400 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-42401 | Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection | CWE-79 | 4.1 | Medium | 2026-05-28 |
| CVE-2026-33463 | Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access | CWE-672 | 5.3 | Medium | 2026-05-28 |
| CVE-2026-33464 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-05-28 |
| CVE-2026-33462 | Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts | CWE-22 | 4.6 | Medium | 2026-05-28 |
| CVE-2026-33458 | Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure | CWE-918 | 6.8 | Medium | 2026-04-08 |
| CVE-2026-33459 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-33460 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-33461 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | CWE-863 | 7.7 | High | 2026-04-08 |
| CVE-2026-4498 | Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope | CWE-250 | 7.7 | High | 2026-04-08 |
| CVE-2026-26940 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26939 | Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration | CWE-862 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26938 | Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) | CWE-1336 | 8.6 | High | 2026-02-26 |
| CVE-2026-26937 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | CWE-400 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26936 | Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service | CWE-1333 | 4.9 | Medium | 2026-02-26 |
| CVE-2026-26935 | Improper Input Validation in Kibana Leading to Denial of Service | CWE-20 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-26934 | Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service | CWE-1284 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-0532 | External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector | CWE-918 | 8.6 | High | 2026-01-14 |
| CVE-2026-0543 | Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation | CWE-20 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0531 | Allocation of Resources Without Limits or Throttling in Kibana Fleet | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0530 | Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation | CWE-770 | 6.5 | Medium | 2026-01-13 |
| CVE-2025-68422 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68386 | Kibana Improper Authorization | CWE-863 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68389 | Kibana Allocation of Resources Without Limits or Throttling | CWE-770 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-68387 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 6.1 | Medium | 2025-12-18 |