Uncontrolled Recursion in Elasticsearch - CVE-2026-56148
Published: July 2, 2026
Elasticsearch
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in Elasticsearch when processing user-supplied queries. A remote user can submit a specially crafted query to cause a denial of service.
The issue may cause excessive resource consumption and render the affected node unavailable.