vulnerability

Elastic Elasticsearch: CVE-2023-46673: Improper Handling of Exceptional Conditions

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Nov 22, 2023

Added

May 13, 2025

Modified

Mar 25, 2026

Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Solution

elastic-elasticsearch-upgrade-latest

References

CWE-755
CVE-2023-46673
https://attackerkb.com/topics/CVE-2023-46673
https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
https://www.elastic.co/community/security
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-2844

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report