Denial of Service Vulnerability in Elasticsearch by Elastic
CVE-2026-56148

6.5 MEDIUM

Key Information:

Vendor

Elastic

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-56148?

An issue in Elasticsearch allows authenticated users to exploit uncontrolled recursion within queries. This vulnerability can lead to denial of service as specially crafted queries may cause excessive resource allocation, potentially rendering affected nodes unavailable and impacting overall system performance.

Affected Version(s)

Elasticsearch 9.4.0 <= 9.4.2

Elasticsearch 9.0.0 <= 9.3.5

Elasticsearch 8.0.0 <= 8.19.16

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
