CVE-2026-33464: CWE-400 Uncontrolled Resource Consumption in Elastic Kibana
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.
AI Analysis
Technical Summary
This vulnerability in Elastic Kibana allows an authenticated user with low privileges to trigger uncontrolled resource consumption by submitting a specially crafted, oversized payload to an internal API. This results in excessive allocation of resources, causing the Kibana process to become unresponsive and effectively causing a denial of service. The issue is classified under CWE-400 and corresponds to CAPEC-130 (Excessive Allocation). It affects Kibana versions 8.0.0, 9.0.0, and 9.4.0. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability.
Potential Impact
Successful exploitation leads to denial of service by exhausting Kibana server resources, making the service unresponsive to all users until recovery or restart. There is no impact on confidentiality or integrity reported. The attacker must be authenticated with low privileges, limiting the attack surface to authorized users.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is documented, organizations should monitor Elastic's advisories for updates. In the meantime, consider restricting or monitoring access to Kibana APIs for low-privileged users and limit the size of payloads accepted by internal APIs if possible.
CVE-2026-33464: CWE-400 Uncontrolled Resource Consumption in Elastic Kibana
Description
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.
CVSS v3.1
Score 6.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Elastic Kibana allows an authenticated user with low privileges to trigger uncontrolled resource consumption by submitting a specially crafted, oversized payload to an internal API. This results in excessive allocation of resources, causing the Kibana process to become unresponsive and effectively causing a denial of service. The issue is classified under CWE-400 and corresponds to CAPEC-130 (Excessive Allocation). It affects Kibana versions 8.0.0, 9.0.0, and 9.4.0. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability.
Potential Impact
Successful exploitation leads to denial of service by exhausting Kibana server resources, making the service unresponsive to all users until recovery or restart. There is no impact on confidentiality or integrity reported. The attacker must be authenticated with low privileges, limiting the attack surface to authorized users.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is documented, organizations should monitor Elastic's advisories for updates. In the meantime, consider restricting or monitoring access to Kibana APIs for low-privileged users and limit the size of payloads accepted by internal APIs if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- elastic
- Date Reserved
- 2026-03-20T10:53:23.100Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a189d28e29bf47b50227a23
Added to database: 5/28/2026, 7:53:12 PM
Last enriched: 5/28/2026, 7:53:44 PM
Last updated: 5/29/2026, 7:46:53 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.