Exposure of Kibana
JavaScript graphics, Search engines36
exposure score
3
sites use
1
exploited
8
critical
CVEs
107 resultsCVE-2026-26940MEDIUMImproper Validation of Specified Quantity in Input in Kibana Leading to Denial of ServiceEPSS 0.3%CVE-2024-11390MEDIUMKibana Unrestricted Upload of File with Dangerous Type Can Lead to XSSEPSS 0.3%CVE-2026-49095HIGHImproper Input Validation in Kibana Fleet Leading to Privilege EscalationEPSS 0.3%CVE-2026-26938HIGHImproper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)EPSS 0.3%CVE-2025-25010MEDIUMKibana privilege escalation via reporting_user roleEPSS 0.3%CVE-2026-33464MEDIUMUncontrolled Resource Consumption in Kibana Leading to Denial of ServiceEPSS 0.2%CVE-2026-33459MEDIUMUncontrolled Resource Consumption in Kibana Leading to Denial of ServiceEPSS 0.2%CVE-2026-49094MEDIUMUncontrolled Resource Consumption in Kibana Leading to Denial of ServiceEPSS 0.2%CVE-2025-25017HIGHKibana Stored Cross-Site Scripting (XSS)EPSS 0.2%CVE-2026-33463MEDIUMOperation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File AccessEPSS 0.2%CVE-2024-43710MEDIUMKibana server-side request forgeryEPSS 0.2%CVE-2025-37728MEDIUMKibana Insufficiently Protected Credentials in the CrowdStrike ConnectorEPSS 0.2%CVE-2026-33458MEDIUMServer-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information DisclosureEPSS 0.2%CVE-2026-33462MEDIUMPath Traversal in Kibana Leading to Unauthorized Deletion of User AccountsEPSS 0.2%CVE-2025-25009HIGHKibana Cross-Site Scripting (XSS)EPSS 0.2%CVE-2025-25018HIGHKibana Stored Cross-Site Scripting (XSS)EPSS 0.2%CVE-2025-37734MEDIUMKibana Origin Validation ErrorEPSS 0.2%CVE-2025-68422MEDIUMKibana Improper AuthorizationEPSS 0.2%CVE-2025-68385HIGHKibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')EPSS 0.2%CVE-2026-49093MEDIUMServer-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network AccessEPSS 0.2%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →