Home > Vulnerability Database > CVE-2026-0543

Mend.io Vulnerability Database

CVE-2026-0543

Good to know:

Date: January 13, 2026

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-0543

Url: https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523

Url: https://www.mend.io/vulnerability-database/CVE-2026-0543

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version https://github.com/elastic/kibana.git - v9.2.4;https://github.com/elastic/kibana.git - v9.1.10;https://github.com/elastic/kibana.git - v8.19.10

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-0543

Good to know:

Date: January 13, 2026

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?