Description
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)
Published: 2026-02-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is uncontrolled resource consumption in Kibana’s Timelion component. An attacker can supply crafted input to trigger excessive processing, leading to high CPU or memory usage and a denial of service. This weakness is classified as CWE‑400 and is achieved through input data manipulation (CAPEC‑153). The impact is a disruption of Kibana service availability for all users, while confidentiality and integrity remain unaffected.

Affected Systems

The flaw affects Elastic Kibana installations that include the Timelion feature. No specific version is listed, so any deployment that has not applied the latest security update could be vulnerable. Administrators should verify that they are running a patched version of Kibana in which Timelion has been hardened.

Risk and Exploitability

The CVSS base score is 6.5, indicating medium severity. The EPSS score is below 1 %, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is HTTP requests targeting the Timelion component with malicious query data; the attacker needs network access to Kibana and knowledge of Timelion’s input syntax, but no elevated privileges are required. If an attacker can reach the service, they may cause service disruption without needing a separate compromise.

Generated by OpenCVE AI on April 17, 2026 at 14:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Kibana release that contains the fix for Timelion resource exhaustion.
  • Restrict or disable the Timelion feature for users who do not need it or implement role‑based access controls to limit interaction with Timelion.
  • Configure resource limits or rate‑limiting on the Kibana HTTP API to prevent excessive query loads from a single user or source.
  • Monitor system metrics for abnormal CPU or memory consumption and set alerts to detect potential exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 14:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

Fri, 27 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic kibana
Vendors & Products Elastic
Elastic kibana

Thu, 26 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
Description Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)
Title Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Elastic Kibana
cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-02-27T16:04:41.385Z

Reserved: 2026-02-16T16:42:05.774Z

Link: CVE-2026-26937

cve-icon Vulnrichment

Updated: 2026-02-27T16:04:36.388Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-26T19:32:39.747

Modified: 2026-03-02T15:43:52.023

Link: CVE-2026-26937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z

Weaknesses