CVE Catalog

CVE-2026-56151

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

CVE-2026-56151 in Kibana is an improper input validation vulnerability (CWE-20) that allows an authenticated user to submit a specially crafted Fleet policy input, causing a denial of service (DoS) via input data manipulation (CAPEC-153). This attack renders Fleet agent, server, and policy management functionality unavailable.

Risk Assessment

The risk for the organization is that an attacker with Kibana access can disrupt Fleet operations, preventing agent and policy management, leading to outages in monitoring and infrastructure management.

Recommendation

Immediately upgrade Kibana to a version that includes the fix for Fleet policy input validation. Until the update is applied, restrict Kibana access to trusted users only.

Original NVD description (English source)

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS