CVE-2026-33464

Source
https://cve.org/CVERecord?id=CVE-2026-33464
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33464.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-33464
Published
2026-05-28T19:35:31.655Z
Modified
2026-06-26T04:09:55.416282860Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Details

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available resources and become unresponsive to all users until the service recovers or is restarted.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33464.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.4.0"
                },
                {
                    "introduced": "9.0.0"
                },
                {
                    "last_affected": "9.3.4"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.19.15"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "elastic"
}

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:9.4.0:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0"
        }
    ]
}

Affected versions

v7.*
v7.0.0-alpha1
v7.0.0-alpha2
v8.*
v8.0.0-alpha1
v8.0.0-alpha2
v8.19.0
v8.19.1
v8.19.10
v8.19.11
v8.19.12
v8.19.13
v8.19.14
v8.19.15
v8.19.2
v8.19.3
v8.19.4
v8.19.5
v8.19.6
v8.19.7
v8.19.8
v8.19.9
v9.*
v9.3.0
v9.3.1
v9.3.2
v9.3.3
v9.3.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33464.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:9.4.0:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.19.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0"
        }
    ]
}

Affected versions

7.*
7.0-known-good
v4.*
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.2.0-beta1
v5.*
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v7.*
v7.0.0-alpha1
v8.*
v8.0.0-alpha1
v8.0.0-alpha2
v8.19.0
v8.19.1
v8.19.10
v8.19.11
v8.19.12
v8.19.13
v8.19.14
v8.19.15
v8.19.2
v8.19.3
v8.19.4
v8.19.5
v8.19.6
v8.19.7
v8.19.8
v8.19.9
v9.*
v9.3.0
v9.3.1
v9.3.2
v9.3.3
v9.3.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33464.json"