Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v4uk-qdq3-m3e6
Vulnerability ID VCID-v4uk-qdq3-m3e6
Aliases CVE-2023-31418
GHSA-2cqf-6xv9-f22w
Summary Elasticsearch vulnerable to Uncontrolled Resource Consumption An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00925 https://api.first.org/data/v1/epss?cve=CVE-2023-31418
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-31418
https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
https://www.elastic.co/community/security
CVE-2023-31418 https://nvd.nist.gov/vuln/detail/CVE-2023-31418
GHSA-2cqf-6xv9-f22w https://github.com/advisories/GHSA-2cqf-6xv9-f22w
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76371
EPSS Score 0.00925
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:02:24.393302+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.elasticsearch/elasticsearch/CVE-2023-31418.yml 38.6.0