HomeElasticCVE-2026-26935

CVE-2026-26935

MEDIUM
6.5CVSS
Published: 2026-02-26
Updated: 2026-03-02
AI Analysis

Description

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
network
Complexity
low
Privileges
low
User Action
none
Scope
unchanged
Confidentiality
none
Integrity
none
Availability
high
Weaknesses
CWE-20

Metadata

Primary Vendor
ELASTIC
Published
2/26/2026
Last Modified
3/2/2026
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

elastic : kibanaelastic : kibanaelastic : kibana

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2026-26935 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com