CVE-2026-26933

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elasticsearch:packetbeat::::::::
	cpe:2.3:a:elasticsearch:packetbeat::::::::

History

No history.

Information

Published : 2026-03-19 18:16

Updated : 2026-03-23 13:33

NVD link : CVE-2026-26933

Mitre link : CVE-2026-26933

CVE.ORG link : CVE-2026-26933

JSON object : View

Products Affected

elasticsearch

packetbeat

CWE

CWE-129

Improper Validation of Array Index

{"id": "CVE-2026-26933", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2026-03-19T18:16:21.497", "references": [{"url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533", "tags": ["Vendor Advisory"], "source": "security@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@elastic.co", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces."}, {"lang": "es", "value": "Validaci\u00f3n Incorrecta de \u00cdndice de Array (CWE-129) en m\u00faltiples componentes analizadores de protocolo en Packetbeat puede provocar denegaci\u00f3n de servicio a trav\u00e9s de Manipulaci\u00f3n de Datos de Entrada (CAPEC-153). Un atacante con la capacidad de enviar paquetes de red malformados y especialmente dise\u00f1ados a una interfaz de red monitoreada puede desencadenar operaciones de lectura fuera de l\u00edmites, lo que resulta en ca\u00eddas de la aplicaci\u00f3n o agotamiento de recursos. Esto requiere que el atacante est\u00e9 posicionado en el mismo segmento de red que la implementaci\u00f3n de Packetbeat o que controle el tr\u00e1fico enrutado a las interfaces monitoreadas."}], "lastModified": "2026-03-23T13:33:43.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B3AF1B0-F18A-41C2-B4AC-0156C95D7153", "versionEndExcluding": "8.19.11", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4936046E-0E8D-4A75-8FD4-F4266B47A8FE", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@elastic.co"}