Elastic: >> Elastic Package Registry >> 0.7.0 Security Vulnerabilities
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing closed.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-28