Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4 | Critical: 0 | High: 1 | Medium: 3
Showing 1-4 of 4 records
Threat Entry Updated 2026-01-14

CVE-2026-0532 - Kibana Plugin

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.

PLUGIN Kibana

CVE-2026-0532

HIGH CVSS 8.6 2026-01-14

Threat Entry Updated 2026-01-22

CVE-2026-0543 - Kibana Plugin

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process a specially crafted email format, resulting in complete service unavailability for all users until a manual restart is performed.

PLUGIN Kibana

CVE-2026-0543

MEDIUM CVSS 6.5 2026-01-13

Threat Entry Updated 2026-01-22

CVE-2026-0531 - Kibana Plugin

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policies. The crafted request can cause the application to perform redundant database retrieval operations that immediately consume memory until the server crashes and becomes unavailable to all users.

PLUGIN Kibana

CVE-2026-0531

MEDIUM CVSS 6.5 2026-01-13

Threat Entry Updated 2026-01-22

CVE-2026-0530 - Kibana Plugin

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or complete unavailability occurs.

PLUGIN Kibana

CVE-2026-0530

MEDIUM CVSS 6.5 2026-01-13