CVE-2026-26937
HIGH WAF: Medium
CVSS 7.5
Published: 2026-02-26
CWE-400
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| elastic | kibana | 8.0.0 - 8.19.11 |
| elastic | kibana | 9.0.0 - 9.2.5 |
References
- discuss.elastic.co (Vendor Advisory)