BIT-elk-2026-0531

Import Source
https://github.com/bitnami/vulndb/tree/main/data/elk/BIT-elk-2026-0531.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-elk-2026-0531
Aliases
Published
2026-01-16T08:39:03.612Z
Modified
2026-01-16T09:26:32.449058Z
Summary
Allocation of Resources Without Limits or Throttling in Kibana Fleet
Details

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

Database specific
{
    "cpes": [
        "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:node.js:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / elk

Package

Name
elk
Purl
pkg:bitnami/elk

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.19.10
Introduced
9.0.0
Fixed
9.1.10
Introduced
9.2.0
Fixed
9.2.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/elk/BIT-elk-2026-0531.json"