PT-2026-54769 · Elastic · Elasticsearch

Kruskall

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-49090

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Elasticsearch (affected versions not specified)
Description An authenticated user can trigger a denial of service by submitting a specially crafted bulk request. This leads to uncontrolled resource consumption through excessive allocation, resulting in sustained high CPU usage that can render the affected node unable to process requests.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49090

Affected Products

Elasticsearch