CVE-2026-49094EPSS p14.8%

CVE-2026-49094CVE-2026-49094

elastic / kibana

Description

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume excessive CPU and memory resources while processing the request. This results in Kibana becoming unavailable to all users until the service is manually recovered.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS0.24% probability of exploitation · percentile 14.8% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-42400
CVE
CVE-2026-42399
CVE
CVE-2026-49093
CVE
CVE-2026-49095
CVE
CVE-2026-28383
CVE
CVE-2026-42398
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.