CVE-2026-56150

Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*

History

06 Jul 2026, 18:51

Type Values Removed Values Added
References () https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44 - () https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44 - Vendor Advisory
First Time Elastic fleet Server
Elastic
CPE cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*

01 Jul 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-01 17:16

Updated : 2026-07-06 18:51


NVD link : CVE-2026-56150

Mitre link : CVE-2026-56150

CVE.ORG link : CVE-2026-56150


JSON object : View

Products Affected

elastic

  • fleet_server
CWE
CWE-770

Allocation of Resources Without Limits or Throttling