CVE-2026-47216— Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to terminate. This issue can be exploited over the network without authentication and results in service unavailability. The duration of impact may vary depending on system configuration and dataset size. This issue has been patched in versions 29.1 and 30.2.

N/A

对因果或异常条件的不恰当检查

typesense 异常处理不当漏洞

typesense是美国typesense组织的一个内存搜索引擎。 typesense 29.1之前版本和30.2之前版本存在异常处理不当漏洞，该漏洞源于/multi_search端点存在未经身份验证的拒绝服务漏洞，特制请求触发请求处理中的未处理异常，导致服务器进程终止。

N/A

N/A