Kibana is a free and open frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Commonly known as the charting tool for the Elastic Stack, Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster—as well as the centralized hub for built-in solutions developed on the Elastic Stack.

Kibana

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an authenticated user who has the workflowsManagement:executeWorkflow privilege.

CVE-2026-26938

Minimus

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-26938	HIGH	7.7	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Feb 26, 2026
CVE-2026-26937	HIGH	7.5	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Feb 26, 2026
CVE-2026-26940	MEDIUM	6.5	Kibana	kibana-9.3	No	Yes	Mar 19, 2026
CVE-2026-26939	MEDIUM	6.5	Kibana	kibana-9.3	No	Yes	Mar 19, 2026
CVE-2026-26931	MEDIUM	5.7	Kibana	kibana-8.19	No	Yes	Mar 19, 2026

CVE-2026-26938:
Kibana vulnerability analysis and mitigation

7.7

Related Kibana vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-26938: Kibana vulnerability analysis and mitigation