CVE-2026-56149: Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Exce
Summary
CVE-2026-56149 is a vulnerability in Elasticsearch where an attacker with elevated privileges can submit a specially crafted machine learning request that causes the system to allocate excessive memory without limits (CWE-770, a weakness where resources are allocated without proper restrictions), potentially crashing the affected server. This is a denial of service attack (making a service unavailable to legitimate users) that exploits the system's inability to throttle resource consumption.
Vulnerability Details
4.9(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
network
low
high
none
July 1, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-47482: NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56149
First tracked: July 1, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 75%