CVE-2026-26931

{"id": "CVE-2026-26931", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2026-03-19T17:16:23.320", "references": [{"url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532", "source": "security@elastic.co"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@elastic.co", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130)."}, {"lang": "es", "value": "Asignaci\u00f3n de memoria con un valor de tama\u00f1o excesivo (CWE-789) en el gestor HTTP Prometheus remote_write en Metricbeat puede provocar denegaci\u00f3n de servicio mediante asignaci\u00f3n excesiva (CAPEC-130)."}], "lastModified": "2026-03-20T13:39:46.493", "sourceIdentifier": "security@elastic.co"}