CVE-2026-33459

Source
https://cve.org/CVERecord?id=CVE-2026-33459
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33459.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33459
Aliases
Downstream
Published
2026-04-08T16:46:02.601Z
Modified
2026-07-08T08:12:26.952870762Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Details

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "9.3.0"
                },
                {
                    "last_affected": "9.3.2"
                },
                {
                    "introduced": "8.15.0"
                },
                {
                    "last_affected": "8.19.13"
                },
                {
                    "introduced": "9.0.0"
                },
                {
                    "last_affected": "9.2.7"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33459.json",
    "cna_assigner": "elastic",
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.15.0"
        },
        {
            "fixed": "8.19.14"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.2.8"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.3.3"
        }
    ]
}

Affected versions

v9.*
v9.3.0
v9.3.1
v9.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33459.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.15.0"
        },
        {
            "fixed": "8.19.14"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.2.8"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.3.3"
        }
    ]
}

Affected versions

v9.*
v9.3.0
v9.3.1
v9.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33459.json"