Description
Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.
Published: 2026-01-14
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential memory corruption leading to code execution or denial of service
Action: Immediate Patch
AI Analysis

Impact

Packetbeat’s MongoDB protocol parser does not validate array indices correctly, allowing an attacker to send a malicious payload that overflows internal buffers. This flaw can corrupt memory and may provide a path to arbitrary code execution or a crash, depending on the system’s state at the time of the overflow.

Affected Systems

Elastic Packetbeat is vulnerable. No specific product versions are listed in the CVE data, so all affected releases prior to a patch should be considered at risk.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. EPSS is below 1%, suggesting that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. The vulnerability requires an attacker to transmit a crafted MongoDB protocol packet to a monitored network interface; therefore the attack vector is likely over the network, possibly from a compromised host within the monitored subnet.

Generated by OpenCVE AI on April 18, 2026 at 06:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Packetbeat to the latest version that includes the security fix
  • If a patch is not immediately available, disable MongoDB protocol monitoring or remove the related module to prevent the vulnerable code from running
  • After applying fixes, monitor network traffic and system logs for signs of abnormal activity to detect any attempted exploitation

Generated by OpenCVE AI on April 18, 2026 at 06:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic packetbeat
Vendors & Products Elastic
Elastic packetbeat

Wed, 14 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 14 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
Description Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.
Title Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Elastic Packetbeat
cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-01-14T16:31:01.455Z

Reserved: 2025-12-19T15:43:38.402Z

Link: CVE-2026-0529

cve-icon Vulnrichment

Updated: 2026-01-14T16:26:47.979Z

cve-icon NVD

Status : Deferred

Published: 2026-01-14T10:16:08.813

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses