Kibana Vulnerabilities

Security vulnerability tracking for Elastic Kibana

Last updated: Feb 26, 2026

Total CVEs

Critical

With Exploits

Last 30 Days

Vulnerability Timeline

4 vulnerabilities discovered over time for Kibana

Severity Distribution

Critical0

High4

100%

Medium1

25%

Low0

All Critical High Medium Low

		Description	Vendor / Product	Exploit Status
CVE-2026-26938	7.7	This vulnerability allows an attacker with specific permissions in Kibana to read any file on the server and potentially make unauthorized requests to other servers. To exploit this, the attacker must be an authenticated user with the ability to execute workflows.	elastickibana	Theoretical	about 1 month agoFeb 26, 2026
CVE-2026-26937	7.5	This vulnerability allows an attacker to overload the Kibana service, causing it to become unresponsive, effectively leading to a Denial of Service. It can be exploited by sending specially crafted input data to the Timelion component, which means that the attacker needs to have access to the Kibana interface to trigger the issue.	elastickibana	Theoretical	about 1 month agoFeb 26, 2026
CVE-2026-26936	7.5	This vulnerability allows an attacker to cause Kibana to crash or become unresponsive by sending specially crafted input that triggers excessive processing in the system's regular expressions. To exploit this, the attacker needs access to the AI Inference Anonymization Engine, which may be exposed through user inputs or API calls.	elastickibana	Exploit Available	about 1 month agoFeb 26, 2026
CVE-2026-26935	7.5	This vulnerability allows an attacker to crash the Kibana service by sending specially crafted input to its search feature, which can overwhelm the system. To exploit this, the attacker needs access to the internal Content Connectors endpoint, making it critical to secure that part of the application.	elastickibana	Exploit Available	about 1 month agoFeb 26, 2026

About Elastic Kibana Security

This page provides comprehensive security vulnerability tracking for Elastic Kibana. Our database includes all CVEs affecting this product, updated in real-time from official sources.

Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.

Security Recommendations

• Always keep Kibana updated to the latest version
• Subscribe to security advisories from Elastic
• Monitor this page for new vulnerabilities affecting your version
• Prioritize patching critical and high severity issues immediately

Subscribe to RSS Feed →View All Elastic Products →