FKIE_CVE-2026-26933

Vulnerability from fkie_nvd - Published: 2026-03-19 18:16 - Updated: 2026-03-23 13:33
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.
References
security@elastic.cohttps://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533Vendor Advisory
Impacted products
Vendor Product Version
elasticsearch packetbeat *
elasticsearch packetbeat *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AF1B0-F18A-41C2-B4AC-0156C95D7153",
              "versionEndExcluding": "8.19.11",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4936046E-0E8D-4A75-8FD4-F4266B47A8FE",
              "versionEndExcluding": "9.2.5",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces."
    },
    {
      "lang": "es",
      "value": "Validaci\u00f3n Incorrecta de \u00cdndice de Array (CWE-129) en m\u00faltiples componentes analizadores de protocolo en Packetbeat puede provocar denegaci\u00f3n de servicio a trav\u00e9s de Manipulaci\u00f3n de Datos de Entrada (CAPEC-153). Un atacante con la capacidad de enviar paquetes de red malformados y especialmente dise\u00f1ados a una interfaz de red monitoreada puede desencadenar operaciones de lectura fuera de l\u00edmites, lo que resulta en ca\u00eddas de la aplicaci\u00f3n o agotamiento de recursos. Esto requiere que el atacante est\u00e9 posicionado en el mismo segmento de red que la implementaci\u00f3n de Packetbeat o que controle el tr\u00e1fico enrutado a las interfaces monitoreadas."
    }
  ],
  "id": "CVE-2026-26933",
  "lastModified": "2026-03-23T13:33:43.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "security@elastic.co",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-19T18:16:21.497",
  "references": [
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.