Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-0531

Опубликовано: 13 янв. 2026
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 7.10.0 (включая) до 7.17.29 (исключая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.19.10 (исключая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.1.10 (исключая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 9.2.0 (включая) до 9.2.4 (исключая)

EPSS

Процентиль: 13%
0.00044
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-770

Связанные уязвимости

debian логотип

CVE-2026-0531

CVSS3: 6.5
debian
25 дней назад

Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...

github логотип

GHSA-g37r-x966-x536

CVSS3: 6.5
github
25 дней назад

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

EPSS

Процентиль: 13%
0.00044
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-770