Denial of Service Vulnerability in Elasticsearch by Elastic
CVE-2026-56149
4.9 MEDIUM
What is CVE-2026-56149?
A resource allocation flaw in Elasticsearch allows users with elevated privileges to submit specially crafted machine learning requests that excessively consume memory. This can result in a denial of service, potentially making the affected instance unavailable to legitimate users. It is essential for users to apply necessary patches and follow best practices to mitigate this vulnerability.
Affected Version(s)
Elasticsearch 9.4.0 <= 9.4.2
Elasticsearch 9.0.0 <= 9.3.5
Elasticsearch 8.0.0 <= 8.19.16