patchletter

The current version of Elasticsearch is 9.4.3 (as of 25/06/2026).

Elasticsearch

Elastic · current 9.4.3

Actively exploited vulnerabilities

The US cybersecurity agency CISA lists these vulnerabilities in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.

  • CVE-2014-3120Elasticsearch Remote Code Execution Vulnerability
  • CVE-2015-1427Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.

Elasticsearch at a glance

Elasticsearch is a widely used search and analytics engine, often the heart of logging and search stacks. Elastic ships regular releases plus security fixes; as a data platform holding sensitive content, it deserves hardening and timely updates.

For admins updates within a major version are rolling and low-risk; major-version jumps follow a documented path with attention to deprecations and possible reindexing. Kibana tracks the same version. Regardless of patch level, the fundamentals: security features on (TLS, authentication), no open API access, and snapshots as backups — exposed Elasticsearch clusters have caused large data leaks. Check client and integration compatibility across versions. Following Elastic's licensing changes, some run the OpenSearch fork — if so, follow its line. Track the version and its support window.

Support cycles (endoflife.date)

CycleLatest versionStatus
9.49.4.3supported
9.39.3.7End of Life
9.29.2.8End of Life
9.19.1.10End of Life
8.198.19.18EOL 15 Jul 27
8.188.18.8End of Life
9.09.0.8End of Life
8.178.17.10End of Life

Release history · as detected by patchletter

VersionChannelDateNotes
9.4.3STABLE25/06/2026Release notes →

Never miss a Elasticsearch update

We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.

Watch Elasticsearch

Related tools in Servers & Databases