Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Elastic
Elastic kibana |
|
| Vendors & Products |
Elastic
Elastic kibana |
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable. | |
| Title | Improper Input Validation in Kibana Leading to Denial of Service | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: elastic
Published:
Updated: 2026-07-01T17:25:08.241Z
Reserved: 2026-06-19T11:01:02.535Z
Link: CVE-2026-56151
Updated: 2026-07-01T17:20:53.047Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T23:00:05Z