CVE-2026-26935
Published: 26 February 2026
Summary
CVE-2026-26935 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Elastic Kibana. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-26935 is an improper input validation vulnerability (CWE-20) affecting the internal Content Connectors search endpoint in Kibana. Published on 2026-02-26, it enables a denial of service condition through input data manipulation (CAPEC-153). The issue carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
A remote attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation leads to a denial of service, significantly impacting availability without affecting confidentiality or integrity.
Elastic Security Advisory ESA-2026-13 addresses this issue, with details available at https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-13/385249. Practitioners should consult the advisory for affected Kibana versions and recommended patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8865
Vulnerability details
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in Kibana search endpoint directly enables authenticated remote DoS via application exploitation (crash or resource exhaustion).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all inputs to the Content Connectors search endpoint, blocking the malformed data that triggers the DoS condition.
Mandates technical controls to protect against or limit the effects of denial-of-service attacks launched via manipulated search input.
Enables continuous monitoring of the Kibana endpoint for anomalous input patterns or resource exhaustion indicative of this attack.