Improper Input Validation in Kibana Affects Elastic
CVE-2026-56151

6.5MEDIUM

Key Information:

Vendor

Elastic

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-56151?

An improper input validation issue in Kibana allows authenticated users to manipulate Fleet policy inputs, potentially leading to denial of service. This vulnerability can disrupt the functionality of Fleet agent, server, and policy management, rendering them unavailable. Users must ensure that they apply security updates to prevent exploitation of this vulnerability.

Affected Version(s)

Kibana 9.0.0 <= 9.3.5

Kibana 8.0.0 <= 8.19.16

Kibana 9.4.0 <= 9.4.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.