CVE Catalog

CVE-2026-49087

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

CWE-770 vulnerability in Kibana allows a denial of service via excessive resource allocation. An authenticated attacker can send a crafted bulk deletion request, exhausting resources and making Kibana unavailable.

Risk Assessment

This attack can cause temporary Kibana unavailability, disrupting monitoring and data analysis, potentially crippling security and operational workflows.

Recommendation

Immediately update Kibana to a patched version and implement rate limiting for bulk deletion operations.

Original NVD description (English source)

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS