Vulnerabilities ›

CVE-2026-26937

Medium

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

CWE-400 — Weakness Type

                    Published: Feb 26, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

🤖 AI Executive Summary

CVE-2026-26937 is a denial of service vulnerability in Kibana's Timelion component caused by uncontrolled resource consumption when processing manipulated input data. Attackers can exploit this flaw to exhaust server resources and render the service unavailable.

📄 Description (Arabic)

يؤثر هذا الضعف على مكون Timelion في Kibana الذي يستخدم لتصور البيانات الزمنية. يمكن للمهاجمين استغلال معالجة المدخلات غير المحدودة لاستهلاك موارد الخادم بشكل مفرط. قد يؤدي هذا إلى توقف الخدمة وعدم توفر أدوات المراقبة والتحليل.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Kibana's Timelion visualization component, allowing attackers to cause denial of service through resource exhaustion via specially crafted input data. Organizations using Kibana for log analysis and monitoring are at risk of service disruption.

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 11:37

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1499 T1499.004

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update Kibana to the latest patched version that includes input validation and resource consumption limits for the Timelion component. Implement rate limiting on API endpoints, monitor resource usage patterns, and restrict access to Timelion features to authenticated users only.

🔧 خطوات المعالجة (العربية)

قم بتحديث Kibana إلى أحدث إصدار يتضمن التحقق من صحة المدخلات وحدود استهلاك الموارد. طبق تحديد معدل الطلبات على نقاط النهاية، راقب أنماط استخدام الموارد، وقيد الوصول إلى ميزات Timelion للمستخدمين المصرح لهم فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1 2.2 3.1

🔵 SAMA CSF

ID.BE-5 PR.DS-4 DE.CM-1

🟡 ISO 27001:2022

A.12.1.1 A.12.1.2 A.12.4.1

🔗 References & Sources 1

🔗

https://discuss.elastic.co/t/kibana-8-19-11-9-2-5-security-update-esa-2026-15/385251

security@elastic.co

Vendor Advisory

📦 Affected Products / CPE 2 entries

elastic:kibana

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-400

Exploit No

Patch ✗ No

Published 2026-02-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-400

🏢 Vendor Advisories

🔗 https://discuss.elastic.co/t/kibana-8-19-11-9-2-5-se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-26937

💬 Comments

Introduce Yourself

Sign In Required