CVE-2015-1427
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
99.9%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.9%EPSS · 30 days99.9%
2026-06-302026-07-16
Product
Elastic / Elasticsearch
Vulnerability
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1427
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2014-3120—99.8%
KEV—80Elasticsearch Remote Code Execution Vulnerability—