Vulnerability Database

320,453

Total vulnerabilities in the database

CVE-2026-0531

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

Published: Jan 13, 2026
Updated: Jan 14, 2026
CVE: CVE-2026-0531
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
elastic / kibana	7.10.0	7.17.29
elastic / kibana	8.0.0	8.19.10
elastic / kibana	9.0.0	9.1.10
elastic / kibana	9.2.0	9.2.4

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo