Known Vulnerabilities for Elasticsearch by Elastic
Listed below are 10 of the newest known vulnerabilities associated with "Elasticsearch" by "Elastic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5417 json | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the fil... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-4498 json | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data b... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2023-46673 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-22 | 2023-11-30 |
| CVE-2023-31419 json | A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a St... | 7.5 - HIGH | 2023-10-26 | 2024-02-01 |
| CVE-2023-31418 json | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user coul... | 7.5 - HIGH | 2023-10-26 | 2023-11-30 |
| CVE-2023-31417 json | Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that ... | 4.4 - MEDIUM | 2023-10-26 | 2024-01-03 |
| CVE-2022-23712 json | A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibl... | 7.5 - HIGH | 2022-06-06 | 2022-10-05 |
| CVE-2022-23708 json | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable... | 4.3 - MEDIUM | 2022-03-03 | 2023-07-03 |
| CVE-2021-37937 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-22 | 2023-11-30 |
| CVE-2021-22147 json | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an au... | 6.5 - MEDIUM | 2021-09-15 | 2022-11-04 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Elastic | Elasticsearch | 7.9.2 | |||
| Application | Elastic | Elasticsearch | 7.9.0 | |||
| Application | Elastic | Elasticsearch | 7.8.1 | |||
| Application | Elastic | Elasticsearch | 7.8.0 | |||
| Application | Elastic | Elasticsearch | 7.7.1 | |||
| Application | Elastic | Elasticsearch | 7.7.0 | |||
| Application | Elastic | Elasticsearch | 7.6.2 | |||
| Application | Elastic | Elasticsearch | 7.6.1 | |||
| Application | Elastic | Elasticsearch | 7.6.0 | |||
| Application | Elastic | Elasticsearch | 7.5.2 | |||
| Application | Elastic | Elasticsearch | 7.5.1 | |||
| Application | Elastic | Elasticsearch | 7.5.0 | |||
| Application | Elastic | Elasticsearch | 7.4.2 | |||
| Application | Elastic | Elasticsearch | 7.4.1 | |||
| Application | Elastic | Elasticsearch | 7.4.0 | |||
| Application | Elastic | Elasticsearch | 7.3.2 | |||
| Application | Elastic | Elasticsearch | 7.3.1 | |||
| Application | Elastic | Elasticsearch | 7.3.0 | |||
| Application | Elastic | Elasticsearch | 7.2.1 | |||
| Application | Elastic | Elasticsearch | 7.2.0 |