CVE-2026-0531

Published: 13 Jan 2026
Source: redhat
CVSS3: 6.5

Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

A flaw was found in Kibana. An attacker with low-level privileges equivalent to the viewer role can exploit this vulnerability by sending a specially crafted bulk retrieval request. This request can trigger redundant database operations, causing the application to consume excessive memory, eventually resulting in a denial of service.

Statement

This issue allows a remote attacker with low-level privileges equivalent to the viewer role, which grants read access to agent policies, to cause an excessive allocation of resources by sending specially crafted bulk retrieval requests, eventually resulting in a denial of service. As the attacker must have low-level privileges to exploit this issue, this vulnerability has been rated with a moderate severity.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                                | Package                          | State        | Advisory | Release
--------------------------------------- | -------------------------------- | ------------ | -------- | -------
Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8  | Fix deferred |          |


Additional information

Status: Moderate
Weakness: CWE-770
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2429392
kibana: allocation of resources without limits or throttling via specially crafted bulk retrieval request

CVSS3: 6.5 (Medium)

Related vulnerabilities

nvd, 3 months ago, CVSS3: 6.5 (same description as above)

debian, 3 months ago, CVSS3: 6.5
Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...

github, 3 months ago, CVSS3: 6.5 (same description as above)
