How severe is CVE-2026-0543?

CVE-2026-0543 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2026-0543

6.5MEDIUM

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an

Publicado: 1/13/2026Actualizado: 1/14/2026

Descripción

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

Análisis IAImpulsado por IA

Referencias

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523