Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users.
Affected Versions:
- 8.x: All versions from 8.15.0 up to and including 8.19.13
- 9.x:
- All versions from 9.0.0 up to and including 9.2.7
- All versions from 9.3.0 up to and including 9.3.2
Affected Configurations:
Deployments with the automatic import plugin enabled are affected. The plugin is enabled by default in Kibana 8.15 and later. Exploitation requires an authenticated user with Fleet and Integrations privileges.
Solutions and Mitigations:
The issue is resolved in versions 8.19.14, 9.2.8, and 9.3.3.
Indicators of Compromise (IOC)
Monitor for repeated or concurrent requests to automatic import endpoints from the same user or session, particularly requests with unusually large payloads.
- Review Kibana audit logs and HTTP access logs for patterns of high-volume requests to automatic import API endpoints.
- Monitor for HTTP 502 errors that may indicate resource exhaustion caused by exploitation attempts.
Elastic Cloud Serverless
Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.
Severity: CVSSv3.1: Medium ( 6.5 ) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2026-33459
Problem Type: CWE-400 - Uncontrolled Resource Consumption
Impact: CAPEC-130 - Excessive Allocation