Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-0530

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or complete unavailability occurs.

Published

2026-01-13T21:15:50.817

Last Modified

2026-01-22T19:58:42.553

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 7.17.29	Yes
Application	elastic	kibana	< 8.19.10	Yes
Application	elastic	kibana	< 9.1.10	Yes
Application	elastic	kibana	< 9.2.4	Yes

References

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521 Vendor Advisory ([email protected])