Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-0543

Опубликовано: 13 янв. 2026
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.17.29 (включая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.19.0 (исключая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.1.10 (исключая)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 9.2.0 (включая) до 9.2.4 (исключая)

EPSS

Процентиль: 22%
0.00071
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20
CWE-770

Связанные уязвимости

debian логотип

CVE-2026-0543

CVSS3: 6.5
debian
25 дней назад

Improper Input Validation (CWE-20) in Kibana's Email Connector can all ...

github логотип

GHSA-p2g6-3qpg-4v6h

CVSS3: 6.5
github
25 дней назад

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

EPSS

Процентиль: 22%
0.00071
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20
CWE-770