Skip to main content

Fleet Server EUVDEUVD-2026-41077

| CVE-2026-56150 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-01 security@elastic.co GHSA-w52p-h72q-gcpf
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable, low-complexity memory-exhaustion DoS with availability-only impact (A:H, C/I:N); PR:N follows the vendor vector though upload endpoints may in practice require an agent API key.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jul 06, 2026 - 18:58 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 18:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 06, 2026 - 18:52 vuln.today
cvss_changed
Severity Changed
Jul 06, 2026 - 18:52 NVD
MEDIUM HIGH
CVSS changed
Jul 06, 2026 - 18:52 NVD
6.5 (MEDIUM) 7.5 (HIGH)
Analysis Generated
Jul 01, 2026 - 17:44 vuln.today

DescriptionNVD

Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.

AnalysisAI

Denial of service in Elastic Fleet Server (versions 8.0.0-8.19.10 and 9.0.0-9.2.4) allows remote attackers to exhaust memory by sending a specially crafted request to an upload endpoint, driving excessive allocation until the server becomes unresponsive. The flaw is a resource-throttling failure (CWE-770) with availability-only impact and no confidentiality or integrity loss. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Fleet Server upload endpoint over network
Delivery
Send crafted oversized upload request
Exploit
Trigger unbounded memory allocation (CWE-770)
Execution
Exhaust server RAM
Persist
Fleet Server crashes or hangs
Impact
Fleet-wide agent management disrupted

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to a Fleet Server upload endpoint (the artifact/diagnostic upload HTTP path); the attacker submits a single specially crafted upload request that triggers unbounded memory allocation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are internally consistent and point to a moderate, availability-only risk rather than a top-tier emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reach to the Fleet Server HTTP interface sends a single crafted request to an upload endpoint whose payload or declared size forces the server to allocate an outsized memory buffer. Repeating or scaling the request exhausts available RAM, causing the process to be OOM-killed or hang, cutting off agent policy delivery and check-ins fleet-wide. …
Remediation Vendor-released patch: upgrade Fleet Server to 8.19.11, 9.2.5, or 9.3.0 as documented in Elastic advisory ESA-2026-44 (https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44); 8.x users on 8.0.0-8.19.10 should move to 8.19.11, and 9.x users on 9.0.0-9.2.4 should move to 9.2.5 or 9.3.0. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Enable detailed monitoring on Fleet Server memory and CPU usage with automated alerting thresholds; isolate Fleet Server network segments from untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy