CVE-2026-56151 MEDIUM

CVE-2026-56151: Improper Input Validation in Kibana Leading to Denial of Service

Vendor Elastic
Product Kibana
Weakness CWE-20 · Input validation
Published July 1, 2026
Last update July 1, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Key dates

02Disclosure timeline

July 1, 2026 CVE published
July 1, 2026 Record updated