CVE-2026-26935

HIGH WAF: Medium

CVSS 7.5 Published: 2026-02-26

CWE-20

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

WAF Coverage Analysis

Improper Input Validation Medium WAF Coverage

OWASP: A03:2021 Injection

920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection

Affected Software

Vendor	Product	Version
elastic	kibana	8.4.0 - 8.19.12
elastic	kibana	9.0.0 - 9.2.6
elastic	kibana	9.3.0

References

discuss.elastic.co (Vendor Advisory)

Back to CVE Database