CVE Catalog

CVE-2026-56148

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

CVE-2026-56148 in Elasticsearch involves uncontrolled recursion leading to denial of service. An authenticated user can submit a specially crafted query causing excessive resource consumption during processing, potentially rendering the affected node unavailable.

Risk Assessment

The risk is that an attacker can cause a single Elasticsearch node to fail, potentially disrupting search and data analysis services within the organization.

Recommendation

It is recommended to immediately update Elasticsearch to a patched version and restrict query API access to trusted users only.

Original NVD description (English source)

Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS