CVE-2026-33464
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.05%
Description
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.
How to fix CVE-2026-33464
To remediate CVE-2026-33464, upgrade the affected package to a fixed version listed below.
- —upgrade to 9.4.2 or later
- —upgrade to 9.4.2 or later
Is CVE-2026-33464 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 9.4.2
- from 0, < 9.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |