CVE-2026-56150
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A CWE-770 vulnerability in Fleet Server allows an attacker to send a specially crafted request to an upload endpoint, causing excessive memory consumption and potentially leading to a denial of service (DoS).
Risk Assessment
The risk is that an attacker can remotely render Fleet Server unavailable, disrupting managed agents and infrastructure monitoring.
Recommendation
Immediately update Fleet Server to a patched version and implement rate limiting and memory quotas for upload endpoints.
Original NVD description (English source)
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.

