CVE-2026-26932

Medium CVSS: 5.7

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.

Vendor

Elasticsearch

Product

Packetbeat

CWE

CWE-129

Yayın Tarihi

2026-02-26 18:23:07

Güncelleme

2026-03-12 20:23:24

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-129 Packetbeat MEDIUM Elasticsearch 2026

Referanslar

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-10/385247

Benzer Kayıtlar

Medium

CVE-2026-26933

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Ser…

Medium

CVE-2025-68381

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (…

Medium

CVE-2025-68382

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the…

Medium

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excess…