Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

INFO

Published Date :

2026-01-13T21:05:51.994Z

Last Modified :

2026-01-13T21:25:44.808Z

Source :

elastic
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0531 vulnerability.

Vendors Products
Elastic
  • Kibana
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0531.

URL Resource
https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-0531 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-0531 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact