CVE-2026-56148
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
CVE-2026-56148 in Elasticsearch involves uncontrolled recursion leading to denial of service. An authenticated user can submit a specially crafted query causing excessive resource consumption during processing, potentially rendering the affected node unavailable.
Risk Assessment
The risk is that an attacker can cause a single Elasticsearch node to fail, potentially disrupting search and data analysis services within the organization.
Recommendation
It is recommended to immediately update Elasticsearch to a patched version and restrict query API access to trusted users only.
Original NVD description (English source)
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.

