Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

kibana — Vulnerabilities & Security Advisories 97

All 97 CVE vulnerabilities found in kibana, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for Elastic Kibana, focusing on common weakness classifications. It collects a comprehensive list of reported security flaws affecting the Kibana dashboard and visualization platform, covering incidents from its initial release through the most recent updates in the current year. By consolidating these entries, the resource provides a unified view of the security landscape for this specific open-source data visualization tool. Users can track vendor advisories issued by Elastic to understand the timeline of discovery and remediation for critical issues. The page also allows readers to understand a weakness class by examining how specific vulnerabilities, such as cross-site scripting or authorization bypasses, have manifested in different versions of the software. Furthermore, users can look up a product's vulnerability history to assess the overall security posture and remediation practices over time. This structured approach helps security professionals, developers, and system administrators evaluate risks associated with their Kibana deployments. The data is organized to facilitate quick reference and deeper analysis of the types of flaws that have impacted the product, enabling informed decisions regarding patching and upgrade strategies. This aggregation serves as a historical record and a practical reference for maintaining the integrity of Kibana environments without requiring users to search multiple disparate sources for security information.

Vendor: Elastic

CVE IDTitleCVSSSeverityPublished
CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure CWE-918 6.8 Medium2026-04-08
CVE-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service CWE-400 6.5 Medium2026-04-08
CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure CWE-863 4.3 Medium2026-04-08
CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure CWE-863 7.7 High2026-04-08
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope CWE-250 7.7 High2026-04-08
CVE-2026-26940 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service CWE-1284 6.5 Medium2026-03-19
CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration CWE-862 6.5 Medium2026-03-19
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF) CWE-1336 8.6 High2026-02-26
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service CWE-400 6.5 Medium2026-02-26
CVE-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service CWE-1333 4.9 Medium2026-02-26
CVE-2026-26935 Improper Input Validation in Kibana Leading to Denial of Service CWE-20 6.5 Medium2026-02-26
CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service CWE-1284 6.5 Medium2026-02-26
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector CWE-918 8.6 High2026-01-14
CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation CWE-20 6.5 Medium2026-01-13
CVE-2026-0531 Allocation of Resources Without Limits or Throttling in Kibana Fleet CWE-770 6.5 Medium2026-01-13
CVE-2026-0530 Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation CWE-770 6.5 Medium2026-01-13
CVE-2025-68422 Kibana Improper Authorization CWE-863 4.3 Medium2025-12-18
CVE-2025-68386 Kibana Improper Authorization CWE-863 4.3 Medium2025-12-18
CVE-2025-68389 Kibana Allocation of Resources Without Limits or Throttling CWE-770 6.5 Medium2025-12-18
CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 6.1 Medium2025-12-18
CVE-2025-68385 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 7.2 High2025-12-18
CVE-2025-37732 Kibana Cross-site Scripting via the Integration Package Upload Functionality CWE-79 5.4 Medium2025-12-15
CVE-2025-37734 Kibana Origin Validation Error CWE-346 4.3 Medium2025-11-12
CVE-2025-37735 Elastic Defend 安全漏洞 CWE-281 7.0 High2025-11-06
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS) CWE-79 8.2 High2025-10-10
CVE-2025-25018 Kibana Stored Cross-Site Scripting (XSS) CWE-79 8.7 High2025-10-10
CVE-2025-25009 Kibana Cross-Site Scripting (XSS) CWE-79 8.7 High2025-10-07
CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector CWE-522 5.4 Medium2025-10-07
CVE-2025-25010 Kibana privilege escalation via reporting_user role CWE-863 6.5 Medium2025-08-28
CVE-2025-25012 Kibana Open Redirect CWE-601 4.3 Medium2025-06-25

All 97 known CVE vulnerabilities affecting kibana with full Chinese analysis, references, and POCs where available.