Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Jan 13, 2026

Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation

CVE-2026-0530

Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or complete unavailability occurs.

Affected products

Elastic/KibanaOSV
Range: v9.2.0, v9.2.1, v9.2.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000