CVE-2026-26933

Medium CVSS: 5.7

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

Vendor

Elasticsearch

Product

Packetbeat

CWE

CWE-129

Yayın Tarihi

2026-03-19 18:16:21

Güncelleme

2026-03-23 13:33:43

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-129 Packetbeat MEDIUM Elasticsearch 2026

Referanslar

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533

Benzer Kayıtlar

Medium

CVE-2026-26932

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service…

Medium

CVE-2025-68381

Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (…

Medium

CVE-2025-68382

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the…

Medium

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excess…