Kibana is a free and open frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Commonly known as the charting tool for the Elastic Stack, Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster—as well as the centralized hub for built-in solutions developed on the Elastic Stack.

Kibana

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.

CVE-2026-26940

Minimus

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-26938	HIGH	7.7	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Feb 26, 2026
CVE-2026-26937	HIGH	7.5	Kibana	cpe:2.3:a:elastic:kibana	No	Yes	Feb 26, 2026
CVE-2026-26940	MEDIUM	6.5	Kibana	kibana-9.3	No	Yes	Mar 19, 2026
CVE-2026-26939	MEDIUM	6.5	Kibana	kibana-9.3	No	Yes	Mar 19, 2026
CVE-2026-26931	MEDIUM	5.7	Kibana	kibana-8.19	No	Yes	Mar 19, 2026

CVE-2026-26940:
Kibana vulnerability analysis and mitigation

6.5

Related Kibana vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-26940: Kibana vulnerability analysis and mitigation