Linux Distros Unpatched Vulnerability : CVE-2026-9752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygo...

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

EUVD-2026-35851

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

UBUNTU-CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

GHSA-5XM9-X7X4-4J5X Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS through the handling of Well-Known Text formatted strings with nested GeometryCollection objects. An attacker can cause a stackoverflow by sending specially crafted requests that exploit this recursion. Details...

CVE-2024-52981

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...

Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37)

Elasticsearch Uncontrolled Resource Consumption vulnerability ESA-2024-37 An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. Affected Versions: Elasticsearch versions 7.17....

Elastic Elasticsearch 资源管理错误漏洞

Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A resource management error vulnerability exists in Elastic Elasticsearch versions 7.17.0 through 7.17.23 and 8.0.0 through 8.15.0, which stems from a recursive issue when processing format string...