Description
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
Published: 2026-01-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (service unavailability caused by excessive memory allocation)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from improper input validation in Kibana's Email Connector. When a specially crafted email address is supplied, the application attempts to process the malformed value, which triggers excessive memory allocation. As a result, the Kibana service becomes completely unavailable to all users until it is manually restarted. The weakness is classified as CWE-20 (Improper Input Validation) and CWE-770 (Allocation of Resources Without Limits or Throttling); the attack pattern is CAPEC-130 (Excessive Allocation).

Affected Systems

The affected product is Elastic's Kibana. No specific version range is listed in the available data; users should check the latest 8.19.x releases and beyond for a fixed version. The attack requires an authenticated user who holds at least view-level privileges and is authorized to execute connector actions.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is reported as less than 1%, implying a very low probability of exploitation in the wild. The vulnerability is not catalogued in the CISA KEV list, further reducing its exposure. Attackers need valid credentials and sufficient role privileges, so the threat comes primarily from internal or compromised accounts rather than from external anonymous actors. If exploited, the service experiences a denial of service until a manual restart is applied.

Generated by OpenCVE AI on April 18, 2026 at 06:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kibana to a version that includes the security update for the Email Connector.
  • Restrict the ability to execute Email Connector actions to users with elevated privileges, disabling it for accounts with only view-level access.
  • Configure monitoring for anomaly detection on Email Connector logs and set alerts for unusual requests to enable rapid response.


Advisories

No advisories yet.

History

Thu, 22 Jan 2026 23:00:00 +0000

Type       | Values Removed | Values Added
Weaknesses |                | CWE-770
CPEs       |                | cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

Fri, 16 Jan 2026 12:15:00 +0000

Type       | Values Removed          | Values Added
References |                         |
Metrics    | threat_severity: None   | threat_severity: Moderate

Wed, 14 Jan 2026 11:15:00 +0000

Type               | Values Removed | Values Added
First Time appeared|                | Elastic; Elastic kibana
Vendors & Products |                | Elastic; Elastic kibana

Tue, 13 Jan 2026 22:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 21:15:00 +0000

Type        | Values Removed | Values Added
Description |                | Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
Title       |                | Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation
Weaknesses  |                | CWE-20
References  |                |
Metrics     |                | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-01-13T21:25:59.853Z

Reserved: 2025-12-31T12:02:48.756Z

Link: CVE-2026-0543

Vulnrichment

Updated: 2026-01-13T21:25:53.582Z

NVD

Status: Analyzed

Published: 2026-01-13T21:15:51.170

Modified: 2026-01-22T20:04:20.370

Link: CVE-2026-0543

Redhat

Severity: Moderate

Public Date: 2026-01-13T21:10:38Z

Links: CVE-2026-0543 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses