How severe is CVE-2026-0543?

CVE-2026-0543 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2026-0543

6.5MEDIUM

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an

Опубликовано: 1/13/2026Обновлено: 1/14/2026

Описание

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

ИИ-АнализНа базе ИИ

Ссылки

https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523