CVE-2026-0543

Medium CVSS: 6.5

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

Vendor

Elastic

Product

Kibana

CWE

CWE-20

Yayın Tarihi

2026-01-13 21:15:51

Güncelleme

2026-01-22 20:04:20

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-20 Kibana MEDIUM Elastic 2026

Referanslar

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523

Benzer Kayıtlar

Medium

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Resp…

Medium

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead De…

Medium

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Dat…

High

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…

Medium

CVE-2026-26934

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-on…

Medium

CVE-2026-26935

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Servi…