Skip to main content

Fleet Server

2 CVEs product

Monthly

CVE-2026-56150 HIGH This Week

Denial of service in Elastic Fleet Server (versions 8.0.0-8.19.10 and 9.0.0-9.2.4) allows remote attackers to exhaust memory by sending a specially crafted request to an upload endpoint, driving excessive allocation until the server becomes unresponsive. The flaw is a resource-throttling failure (CWE-770) with availability-only impact and no confidentiality or integrity loss. No public exploit identified at time of analysis; EPSS is low (0.30%, 22nd percentile) and CISA SSVC records no observed exploitation.

Denial Of Service Fleet Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46667 HIGH This Week

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Fleet Server
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Elastic Fleet Server (versions 8.0.0-8.19.10 and 9.0.0-9.2.4) allows remote attackers to exhaust memory by sending a specially crafted request to an upload endpoint, driving excessive allocation until the server becomes unresponsive. The flaw is a resource-throttling failure (CWE-770) with availability-only impact and no confidentiality or integrity loss. No public exploit identified at time of analysis; EPSS is low (0.30%, 22nd percentile) and CISA SSVC records no observed exploitation.

Denial Of Service Fleet Server
NVD
EPSS 0% CVSS 8.1
HIGH This Week

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Fleet Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy