Resource Allocation Issue in Fleet Server by Elastic
CVE-2026-56150

6.5MEDIUM

Key Information:

Vendor

Elastic

Vendor
CVE Published:
1 July 2026

What is CVE-2026-56150?

A vulnerability exists in Fleet Server that allows an attacker to exploit its upload endpoint by sending a specially crafted request. This request can lead to excessive memory consumption, potentially causing the Fleet Server to become unavailable. The issue arises from improper management of resource allocation, allowing for denial of service attacks.

Affected Version(s)

Fleet Server 9.0.0 <= 9.2.4

Fleet Server 8.0.0 <= 8.19.10

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.