Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation (ESA-2026-03)
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or complete unavailability occurs.
Affected Versions:
-
7.x: All versions from 7.10.0 up to and including 7.17.29
-
8.x: All versions from 8.0.0 up to and including 8.19.9
-
9.x:
-
All versions from 9.0.0 up to and including 9.1.9
-
All versions from 9.2.0 up to and including 9.2.3
-
Solutions and Mitigations:
The issue is resolved in version 8.19.10, 9.1.10, 9.2.4.
Severity: CVSSv3.1: Medium (6.5) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2026-0530
Problem Type: CWE-770 - Allocation of Resources Without Limits or Throttling
Impact: CAPEC-130 - Excessive Allocation