2429394 – (CVE-2026-0543) CVE-2026-0543 Kibana: Kibana: Denial of Service due to improper input validation in Email Connector

Bug 2429394 (CVE-2026-0543) - CVE-2026-0543 Kibana: Kibana: Denial of Service due to improper input validation in Email Connector

Summary: CVE-2026-0543 Kibana: Kibana: Denial of Service due to improper input validat...

Keywords:
Status:	NEW
Alias:	CVE-2026-0543
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-13 22:01 UTC by OSIDB Bzimport
Modified:	2026-01-16 08:33 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-13 22:01:20 UTC

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.

Note You need to log in before you can comment on or make changes to this bug.

asoldano
bbaranow
bmaxwell
brian.stansberry
darran.lofthouse
dosoudil
eglynn
fjuma
istudens
ivassile
iweiss
jcantril
jjoyce
jschluet
lhh
mburns
mgarciac
mosmerov
msvehla
mwringe
nwallace
pberan
pesilva
pjindal
pmackay
rojacob
rstancel
smaestri
tom.jenkinson