CVE-2026-49090
- EPSS 0.25%
- Veröffentlicht 01.07.2026 17:15:54
- Zuletzt bearbeitet 02.07.2026 14:43:04
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can...
CVE-2026-56149
- EPSS 0.32%
- Veröffentlicht 01.07.2026 16:21:24
- Zuletzt bearbeitet 02.07.2026 17:35:59
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes ...
CVE-2026-56148
- EPSS 0.3%
- Veröffentlicht 01.07.2026 16:17:05
- Zuletzt bearbeitet 02.07.2026 17:38:29
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is process...
CVE-2025-68390
- EPSS 0.33%
- Veröffentlicht 18.12.2025 22:17:41
- Zuletzt bearbeitet 23.12.2025 17:44:51
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP reques...
CVE-2025-68384
- EPSS 0.25%
- Veröffentlicht 18.12.2025 22:04:50
- Zuletzt bearbeitet 23.12.2025 17:45:41
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized use...
CVE-2025-37731
- EPSS 0.16%
- Veröffentlicht 15.12.2025 10:42:21
- Zuletzt bearbeitet 18.12.2025 01:49:07
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
CVE-2025-37727
- EPSS 0.23%
- Veröffentlicht 10.10.2025 09:56:15
- Zuletzt bearbeitet 23.12.2025 17:39:24
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
CVE-2024-52979
- EPSS 0.52%
- Veröffentlicht 01.05.2025 13:13:07
- Zuletzt bearbeitet 02.10.2025 16:40:31
Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
CVE-2024-52981
- EPSS 0.51%
- Veröffentlicht 08.04.2025 16:54:16
- Zuletzt bearbeitet 02.10.2025 15:33:30
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
CVE-2024-52980
- EPSS 0.47%
- Veröffentlicht 08.04.2025 16:43:41
- Zuletzt bearbeitet 30.09.2025 21:35:59
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipelin...