BIT-elk-2026-33459

Import Source
https://github.com/bitnami/vulndb/tree/main/data/elk/BIT-elk-2026-33459.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-elk-2026-33459
Aliases
Published
2026-04-13T05:38:35.203Z
Modified
2026-04-13T08:27:28.376561965Z
Summary
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Details

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:node.js:*:*"
    ]
}
References

Affected packages

Bitnami / elk

Package

Name
elk
Purl
pkg:bitnami/elk

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type
SEMVER
Events
Introduced: 8.0.0; Fixed: 8.19.14
Introduced: 9.0.0; Fixed: 9.2.8
Introduced: 9.3.0; Fixed: 9.3.3

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/elk/BIT-elk-2026-33459.json"