exploitDog

CVE-2026-26940

Опубликовано: 19 мар. 2026

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

Ссылки

https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535

EPSS

Процентиль: 17%

0.00056

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1284

Связанные уязвимости

GHSA-xfph-vq69-5ww2

CVSS3: 6.5

github

13 дней назад

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

EPSS

Процентиль: 17%

0.00056

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1284