Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

ismisepaul · March 19, 2026, 4:59pm

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution

Dependency on Vulnerable Third-Party Component (CWE-1395) exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Object Injection (CAPEC-586). Exploitation requires an attacker to have high-privileged access (the machine_learning_admin role) to upload and deploy a specially crafted, malicious model to the Elasticsearch cluster that triggers known vulnerabilities CVE-2025-32434.

Affected Versions:

8.x: All versions from 8.0.0 up to and including 8.19.7
9.x: All versions from 9.0.0 up to and including 9.1.7
Versions 9.2.0+ were never affected

Affected Configurations:

The vulnerability affects Elasticsearch deployments that have ML nodes and where PyTorch-based NLP models can be uploaded and deployed.

Solutions and Mitigations:

The issue is resolved in version 8.19.8, 9.1.8.

For Users that Cannot Upgrade:

Ensure that only trusted users are granted the machine_learning_admin role. Revoke this role from any users who do not have a legitimate need to upload or manage ML models.

Disable ML entirely: If ML functionality is not required, set xpack.ml.enabled: false in elasticsearch.yml on all nodes. Note that this disables all ML features, not just PyTorch model loading.

Only use models from trusted sources: As stated in the official Elastic documentation: "PyTorch models can execute code on your Elasticsearch server, exposing your cluster to potential security vulnerabilities. Only use models from trusted sources and never use models from unverified or unknown providers."

Elastic Cloud Serverless

Due to our continuous deployment and patching model, the vulnerability described in this security advisory was remediated in our Elastic Cloud Serverless offering before the public disclosure.

Severity: CVSSv3.1: High ( 7.2 ) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-32434
Problem Type: CWE-502 - Deserialization of Untrusted Data
Impact: CAPEC-586 - Object Injection

Topic		Replies	Views
Authorization exception when trying to import model to Elasticsearch cluster Elasticsearch elastic-stack-security , elastic-stack-machine-learning	3	3093	August 18, 2022
Elasticsearch 8.13.0 Security Update (ESA-2024-07) Security Announcements	0	6764	March 27, 2024
Elasticsearch 8.15.1 Security Update (ESA-2024-34) Security Announcements	0	2134	April 8, 2025
Elasticsearch 8.13.0 / 7.17.19 Security Update (ESA-2024-06) Security Announcements	0	11481	March 27, 2024
Elastic Stack 6.2.4 and 5.6.9 security update Security Announcements	1	12999	November 4, 2022

Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

Related topics