CVE-2026-0531

MEDIUM6.5EPSS 0.08%

Allocation of Resources Without Limits or Throttling in Kibana Fleet

發布日:2026/1/16修改日:2026/1/16

也稱為:BIT-elk-2026-0531BIT-kibana-2026-0531

描述

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

受影響套件(2)

Bitnami/elkfrom 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4
Bitnami/kibanafrom 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(2)

WEBhttps://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-0531