Denial of Service Vulnerability in Elasticsearch by Elastic
CVE-2026-56148
6.5MEDIUM
What is CVE-2026-56148?
An issue in Elasticsearch allows authenticated users to exploit uncontrolled recursion within queries. This vulnerability can lead to denial of service as specially crafted queries may cause excessive resource allocation, potentially rendering affected nodes unavailable and impacting overall system performance.
Affected Version(s)
Elasticsearch 9.4.0 <= 9.4.2
Elasticsearch 9.0.0 <= 9.3.5
Elasticsearch 8.0.0 <= 8.19.16