{"data":{"id":"92968645-0c2a-4f52-8de3-c7770634c7f7","title":"CVE-2026-56149: Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Exce","summary":"CVE-2026-56149 is a vulnerability in Elasticsearch where an attacker with elevated privileges can submit a specially crafted machine learning request that causes the system to allocate excessive memory without limits (CWE-770, a weakness where resources are allocated without proper restrictions), potentially crashing the affected server. This is a denial of service attack (making a service unavailable to legitimate users) that exploits the system's inability to throttle resource consumption.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-56149","publishedAt":"2026-07-01T17:16:36.957Z","cveId":"CVE-2026-56149","cweIds":["CWE-770"],"cvssScore":"4.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Elasticsearch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"high","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-01T17:16:36.957Z","capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}