Uncontrolled Resource Consumption in Elasticsearch by Elastic
CVE-2026-49090

6.5 MEDIUM

Key Information:

Vendor: Elastic

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-49090?

A vulnerability in Elasticsearch allows authenticated users to submit specially crafted bulk requests, leading to high CPU consumption. This uncontrolled resource consumption can result in a denial of service, making the node unable to process further requests. This issue highlights the importance of managing user input and system resources effectively to maintain service availability.

Affected Version(s)

Elasticsearch 8.0.0 <= 8.14.3

Elasticsearch 7.0.0 <= 7.17.23

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved