Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so. Researchers are required to share reproducible proof-of-concepts; however, they declined" - Elastic

AshES Cybersecurity confirmed that they chose not to send the PoC to Elastic or the company’s affiliates.

Elastic says that the researcher did not share the full details for the vulnerability and instead decided to make their claims public instead of following the principles of coordinated disclosure.