CVE-2026-33464

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.

Vulnerability Details

Published Date

May 28, 2026

Last Modified

May 29, 2026

CWE ID

CWE-400

Source

NVD

Vendor

Elastic

Product

Kibana

External References

https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-1-security-update-esa-2026-32/386548

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment