CVE-2026-26933

Опубликовано: 19 мар. 2026

Источник: nvd

CVSS3: 5.7

EPSS Низкий

Описание

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

Ссылки

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.19.11 (исключая)

cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*

Версия от 9.0.0 (включая) до 9.2.5 (исключая)

EPSS

Процентиль: 0%

0.00007

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-129

Связанные уязвимости

CVE-2026-26933

CVSS3: 5.7

debian

13 дней назад

Improper Validation of Array Index (CWE-129) in multiple protocol pars ...

GHSA-27qj-9gvp-8rh9

CVSS3: 5.7

github

13 дней назад

Packetbeat does not properly validate an array index in multiple protocol parser components

EPSS

Процентиль: 0%

0.00007

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-129