6.5
CVE-2026-56148
- EPSS 0.31%
- Veröffentlicht 01.07.2026 16:17:05
- Zuletzt bearbeitet 02.07.2026 17:38:29
- Quelle security@elastic.co
- CVE-Watchlists
- Unerledigt
Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elastic ≫ Elasticsearch Version >= 8.0.0 < 8.19.17
Elastic ≫ Elasticsearch Version >= 9.0.0 < 9.3.6
Elastic ≫ Elasticsearch Version >= 9.4.0 < 9.4.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.227 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@elastic.co | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-42