PT-2026-54863 · Elastic · Elasticsearch

Published: 2026-07-01 · Updated: 2026-07-01 · CVE-2026-56148

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Elasticsearch versions prior to 8.19.17
Elasticsearch versions prior to 9.3.6
Elasticsearch versions prior to 9.4.3

Description

An authenticated user can trigger a denial of service by submitting a specially crafted query. This occurs due to uncontrolled recursion, which leads to excessive resource allocation during request processing and may render the affected node unavailable.

Recommendations

Update to version 8.19.17.
Update to version 9.3.6.
Update to version 9.4.3.

Fix

DoS

Uncontrolled Recursion


Weakness Enumeration

Related Identifiers

CVE-2026-56148

Affected Products

Elasticsearch