Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
ML API is network-reachable but requires high-privilege credentials; only availability is impacted with no scope change beyond the targeted node.
Primary rating from Vendor (elastic).
CVSS VectorVendor: elastic
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
AnalysisAI
Elasticsearch's machine learning API contains an unbounded resource allocation flaw that allows an authenticated user with elevated privileges to crash an affected node by submitting a specially crafted ML request over the network. The absence of throttling or quota enforcement on ML request memory consumption (CWE-770) means the node's JVM heap can be exhausted, rendering it unavailable without any confidentiality or integrity exposure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a user authenticated with elevated privileges - the CVSS vector's PR:H explicitly confirms that neither unauthenticated nor low-privilege users can exploit this vulnerability. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) yields a base score of 4.9 (Medium), and the metric choices are well-calibrated to the actual risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained high-privilege Elasticsearch credentials - through credential theft, insider access, or lateral movement from a compromised administrator workstation - authenticates to the Elasticsearch REST API over the network and submits a specially crafted machine learning request. The request triggers the unthrottled memory allocation path, rapidly exhausting the target node's JVM heap until it becomes unresponsive. … |
| Remediation | The primary remediation is to upgrade Elasticsearch to a patched release as identified in Elastic security advisory ESA-2026-43 at https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-43. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Elasticsearch
View allDirectory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, a
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severit
The fix for CVE-2020-7009 was found to be incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exp
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secre
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Le
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration prope
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when th
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41072
GHSA-p6pw-6f2m-xxpg