Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint
CVE-2026-47216

8.7HIGH

Key Information:

Vendor: Typesense
Status: Typesense
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-47216?

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to terminate. This issue can be exploited over the network without authentication and results in service unavailability. The duration of impact may vary depending on system configuration and dataset size. This issue has been patched in versions 29.1 and 30.2.

Affected Version(s)

typesense < 29.1 < 29.1

typesense >= 30.0, < 30.2 < 30.0, 30.2

References

https://github.com/typesense/typesense/security/advisorie...

x_refsource_CONFIRM

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-47216 Data

JSON