CVE-2026-33464

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

Technologies: Not Technology-Specific, AI/ML

Likelihood of Exploit: High

View CWE Details

https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-1-sec…

https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-1-security-update-esa-202…

CVE-2026-33464

Description

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Iscriviti alla newsletter