2 matches found
CVE-2023-46667
Fleet Server vulnerability CVE-2023-46667 affects Fleet Server 8.10.0–8.10.2 where enrolment tokens are written in plaintext to log files, potentially enabling unauthorized agent enrolment and access to secrets (Elasticsearch and third‑party services) or arbitrary events. Exploitation is not desc...
CVE-2026-56150
MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...