CVE-2026-26940

Name of the Vulnerable Software and Affected Versions Kibana (affected versions not specified)

Description An improper validation of the quantity specified in input within the Timelion visualization plugin can lead to a denial of service through excessive allocation. An authenticated user can send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value. This issue is related to CAPEC-130 and CWE-1284.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.