kibana-9.0 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the kibana-9.0 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-44492	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L CVE-2026-44979	*
L CVE-2026-49095	*
L CVE-2026-33463	*
L CVE-2026-42399	*
L CVE-2026-42398	*
L CVE-2026-33464	*
L CVE-2026-44495	*
L CVE-2026-42400	*
L CVE-2026-44490	*
H CVE-2026-33462	*
M CVE-2026-42401	*
L CVE-2026-44974	*
L CVE-2026-44494	*
H Use of Uninitialized Resource	*
H Uncontrolled Recursion	*
L CVE-2026-26939	*
L CVE-2026-33459	*
M CVE-2026-33461	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Handling of Unicode Encoding	*
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Cross-site Scripting (XSS)	*
L Improper Handling of Exceptional Conditions	*
H Arbitrary Code Injection	*
L Improper Input Validation	*
L CVE-2026-6322	*
L OS Command Injection	*
L Deserialization of Untrusted Data	*
L CVE-2026-6321	*
L Resource Exhaustion	*
L Uncontrolled Recursion	*
L Arbitrary Code Injection	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Encoding or Escaping of Output	*
L Allocation of Resources Without Limits or Throttling	*
L HTTP Response Splitting	*
H Server-Side Request Forgery (SSRF)	*
M Improper Authentication	*
L Allocation of Resources Without Limits or Throttling	*
H Uncontrolled Recursion	*
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Permissive Whitelist	*
L CRLF Injection	*
C Permissive Whitelist	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Validation of Specified Quantity in Input	*
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	*
M CVE-2026-26940	*
L Uncontrolled Recursion	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L GHSA-c7w3-x93f-qmm8	*
M Cross-site Scripting (XSS)	*
C Improper Certificate Validation	*
L Improper Input Validation	*
L Inefficient Regular Expression Complexity	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Improper Verification of Cryptographic Signature	*
H Resource Exhaustion	*
L Arbitrary Code Injection	*
L Improper Check for Unusual or Exceptional Conditions	*
H Cross-site Scripting (XSS)	*
L GHSA-442j-39wm-28r2	*
L GHSA-7rx3-28cr-v5wh	*
L Arbitrary Code Injection	*
L Arbitrary Code Injection	*
M CVE-2026-2950	*
C CVE-2026-4800	*
H Inefficient Regular Expression Complexity	*
C Arbitrary Code Injection	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L GHSA-r4q5-vmmm-2653	*
M HTTP Response Splitting	*
C Unintended Proxy or Intermediary ('Confused Deputy')	*
L GHSA-6v7q-wjvx-w8wg	*
L Information Exposure	*
L Resource Exhaustion	*
L GHSA-vvjj-xcjg-gr5g	*
L GHSA-w5hq-g745-h8pq	*
L XML Injection	*
L CVE-2026-1527	*
L CVE-2026-1526	*
L CVE-2026-26934	*
M Directory Traversal	*
H CVE-2026-26936	*
C CVE-2026-1525	*
H CVE-2026-26937	*
M Directory Traversal	*
L CVE-2026-2229	*
H CVE-2026-26935	*
L CVE-2026-3449	*
L CVE-2026-1528	*
L CVE-2025-68389	*
C Directory Traversal	*
L Algorithmic Complexity	*
L CVE-2025-68387	*
L Inefficient Regular Expression Complexity	*
L CVE-2026-0530	*
L CVE-2025-68422	*
L Allocation of Resources Without Limits or Throttling	*
H Server-Side Request Forgery (SSRF)	*
L CVE-2026-0531	*
L CVE-2025-37732	*
L CVE-2026-0532	*
H Buffer Overflow	*
M CVE-2025-68385	*
L CVE-2025-68386	*
M CVE-2025-25009	<9.0.8-r0
L CVE-2025-37728	<9.0.8-r0
M CVE-2025-25018	<9.0.8-r0
M CVE-2025-25017	<9.0.7-r0
L OS Command Injection	*
H Inefficient Regular Expression Complexity	*
H Directory Traversal	*
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	*
L Inefficient Regular Expression Complexity	*
L Incorrect Regular Expression	*
H OS Command Injection	*
L CVE-2026-2739	*
L Server-Side Request Forgery (SSRF)	*
H CVE-2026-2327	*
L Improper Check for Unusual or Exceptional Conditions	*
L Directory Traversal	*
L Improper Input Validation	*
M CVE-2025-13465	*
M Improper Handling of Unicode Encoding	*
L GHSA-6475-r3vj-m8vf	*
M Directory Traversal	*
H Allocation of Resources Without Limits or Throttling	*
C Deserialization of Untrusted Data	*
H Improper Check or Handling of Exceptional Conditions	*
L Improper Verification of Cryptographic Signature	*
H Uncontrolled Recursion	*
L GHSA-rcmh-qjqh-p98v	*
L CVE-2025-12816	*
M Integer Overflow or Wraparound	*
L CVE-2025-13204	*
L OS Command Injection	*
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
L Arbitrary Code Injection	*
M CVE-2025-48985	*
M Cross-site Scripting (XSS)	*
L Allocation of Resources Without Limits or Throttling	<9.0.8-r0
L CVE-2025-9910	*
L Directory Traversal	<9.0.8-r0

Vulnerability

Vulnerable Version

CVE-2026-44492