Skip to main content

Kibana CVE-2026-56151

| EUVDEUVD-2026-41085 MEDIUM
Improper Input Validation (CWE-20)
2026-07-01 security@elastic.co GHSA-rvxp-jqfr-h65p
6.5
CVSS 3.1 · Vendor: elastic
Share

Severity by source

Vendor (elastic) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Network-accessible Fleet endpoint requires low-privilege authentication; impact is purely availability loss with no confidentiality or integrity compromise and no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (elastic).

CVSS VectorVendor: elastic

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 17:43 vuln.today

DescriptionCVE.org

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

AnalysisAI

Fleet policy management in Kibana is vulnerable to denial of service through insufficient validation of user-supplied policy inputs. An authenticated Kibana user with Fleet write access can submit a specially crafted Fleet policy input that bypasses server-side validation, rendering Fleet agent management, server operations, and policy configuration unavailable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid low-privilege Kibana credentials
Delivery
Authenticate to Kibana Fleet management interface
Exploit
Craft malformed Fleet policy input payload
Execution
Submit payload to Fleet policy endpoint
Persist
Bypass server-side input validation
Impact
Fleet agent, server, and policy management rendered unavailable

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated Kibana session with at minimum low-level privileges sufficient to submit Fleet policy inputs - specifically, the account must have Fleet write or Fleet all permissions in Kibana's RBAC model. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.5 Medium score (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the threat profile: network-accessible, low complexity, but constrained by required authentication (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Kibana user - such as an insider threat, a compromised low-privilege service account, or an attacker who obtained valid credentials through phishing - accesses the Fleet policy management interface and submits a specially crafted policy input with malformed data that bypasses validation. The Fleet subsystem fails to handle the unexpected input, causing Fleet agent communication, server processes, and policy management to become unavailable and disrupting Elastic Agent deployments across the organization. …
Remediation Upgrade Kibana to version 8.19.17 (for 8.x deployments), 9.3.6, or 9.4.3 (for 9.x deployments) as specified in Elastic security advisory ESA-2026-45 (https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Kibana

View all
CVE-2019-7609 CRITICAL POC
10.0 Mar 25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti

CVE-2020-7012 HIGH POC
8.8 Jun 03

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated hig

CVE-2018-17246 CRITICAL POC
9.8 Dec 20

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical s

CVE-2025-25015 CRITICAL
9.9 Mar 05

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP

CVE-2018-17245 CRITICAL
9.8 Dec 20

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are us

CVE-2025-25014 CRITICAL
9.1 May 06

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine lea

CVE-2019-7610 CRITICAL
9.0 Mar 25

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical sever

CVE-2024-12556 HIGH
8.7 Apr 08

Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. Rate

CVE-2024-37288 HIGH
8.8 Sep 09

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document con

CVE-2023-31415 HIGH
8.8 May 04

Kibana version 8.7.0 contains an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2023-31414 HIGH
8.8 May 04

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulne

CVE-2026-26938 HIGH
8.6 Feb 26

Kibana versions up to 9.3.0 contains a vulnerability that allows attackers to read arbitrary files from the Kibana serve

Share

CVE-2026-56151 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy