Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Jan 13, 2026
Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation
CVE-2026-0543
Description
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords4 versionspkg:apk/chainguard/kibana-8.17-bitnamipkg:apk/chainguard/kibana-8.18-bitnamipkg:bitnami/elkpkg:bitnami/kibana
< 8.17.10-r11+ 3 more
- (no CPE)range: < 8.17.10-r11
- (no CPE)range: < 8.18.8-r10
- (no CPE)range: < 8.19.10
- (no CPE)range: < 8.19.10
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.