How severe is CVE-2026-0543?

CVE-2026-0543 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2026-0543

6.5MEDIUM

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an

Veröffentlicht: 1/13/2026Aktualisiert: 1/14/2026

Beschreibung

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

KI-AnalyseKI-gestützt

Referenzen

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523