All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-56149
MEDIUMpublished 2026-07-01 17:16 UTC · 3 days ago · modified 2026-07-02 17:35 UTC
4.9
CVSS / 10
// description
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
// weaknesses (CWE)
- CWE-770