Cyber Resilience

CVE-2026-26935

Medium

Published: 26 February 2026

Published
26 February 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0010 27.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26935 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Elastic Kibana. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-26935 is an improper input validation vulnerability (CWE-20) affecting the internal Content Connectors search endpoint in Kibana. Published on 2026-02-26, it enables a denial of service condition through input data manipulation (CAPEC-153). The issue carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

A remote attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation leads to a denial of service, significantly impacting availability without affecting confidentiality or integrity.

Elastic Security Advisory ESA-2026-13 addresses this issue, with details available at https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-13/385249. Practitioners should consult the advisory for affected Kibana versions and recommended patches.

EU & UK References

Vulnerability details

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Improper input validation in Kibana search endpoint directly enables authenticated remote DoS via application exploitation (crash or resource exhaustion).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0528Same product: Elastic Kibana
CVE-2026-26936Same product: Elastic Kibana
CVE-2026-26937Same product: Elastic Kibana
CVE-2026-33458Same product: Elastic Kibana
CVE-2024-43707Same product: Elastic Kibana
CVE-2026-42398Same product: Elastic Kibana
CVE-2026-26938Same product: Elastic Kibana
CVE-2026-33461Same product: Elastic Kibana
CVE-2025-25015Same product: Elastic Kibana
CVE-2026-4498Same product: Elastic Kibana

Affected Assets

elastic
kibana
9.3.0 · 8.4.0 — 8.19.12 · 9.0.0 — 9.2.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs to the Content Connectors search endpoint, blocking the malformed data that triggers the DoS condition.

prevent

Mandates technical controls to protect against or limit the effects of denial-of-service attacks launched via manipulated search input.

detect

Enables continuous monitoring of the Kibana endpoint for anomalous input patterns or resource exhaustion indicative of this attack.

References