Security Advisory

CVE-2026-26940

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 17:14:31

Last updated 2026-03-19 17:48:13

Assigner elastic

State PUBLISHED

Description

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

← Browse all CVEs View on cve.org ↗