Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44
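The weakness class described above (CWE-770 on an upload endpoint) is typically mitigated by capping the request body and streaming it instead of buffering it. The Go sketch below is an added example, not Fleet Server code and not the vendor's fix; `boundedUpload`, `probe`, `maxUploadBytes` and the `/upload` path are hypothetical names, and the 1 MiB cap is an assumed value.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const maxUploadBytes = 1 << 20 // assumed per-request cap, not a Fleet Server setting

// boundedUpload streams the body to sink and refuses anything over limit.
func boundedUpload(limit int64, sink io.Writer) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Cheap early reject when the client declares an oversized body.
		if r.ContentLength > limit {
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		// Content-Length may be absent (chunked), so also cap the actual read.
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		// io.Copy uses a fixed-size buffer; io.ReadAll would grow with the input.
		if _, err := io.Copy(sink, r.Body); err != nil {
			code := http.StatusBadRequest
			var tooBig *http.MaxBytesError
			if errors.As(err, &tooBig) {
				code = http.StatusRequestEntityTooLarge
			}
			http.Error(w, "upload rejected", code)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// probe sends a constructed n-byte body and returns the status; chunked hides the length.
func probe(n int, chunked bool) int {
	req := httptest.NewRequest(http.MethodPost, "/upload", bytes.NewReader(make([]byte, n)))
	if chunked {
		req.ContentLength = -1
	}
	rec := httptest.NewRecorder()
	boundedUpload(maxUploadBytes, io.Discard)(rec, req)
	return rec.Code
}

func main() { fmt.Println(probe(1024, false), probe(maxUploadBytes+1, true)) }
```

The Content-Length check alone is not sufficient: the chunked case is rejected only because the read itself is capped.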