CVE Catalog

CVE-2026-56150

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A CWE-770 vulnerability in Fleet Server allows an attacker to send a specially crafted request to an upload endpoint, causing excessive memory consumption and potentially leading to a denial of service (DoS).

Risk Assessment

The risk is that an attacker can remotely render Fleet Server unavailable, disrupting managed agents and infrastructure monitoring.

Recommendation

Immediately update Fleet Server to a patched version and implement rate limiting and memory quotas for upload endpoints.

Original NVD description (English source)

Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS