CVE-2026-56151

MEDIUM

Improper Input Validation in Kibana Leading to Denial of Service

Title source: cna
STIX 2.1

Description

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 15.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (4)
Elastic/Kibana 8.0.0 - 8.19.16
elastic/kibana 8.0.0 - 8.19.17
Elastic/Kibana 9.0.0 - 9.3.5
Elastic/Kibana 9.4.0 - 9.4.2
Published Jul 01, 2026
Tracked Since Jul 01, 2026