All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-49090
MEDIUMpublished 2026-07-01 18:16 UTC · 3 days ago · modified 2026-07-02 14:43 UTC
6.5
CVSS / 10
// description
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.
// weaknesses (CWE)
- CWE-400