Description
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).
Published: 2026-03-19
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

Memory Allocation with Excessive Size Value, classified as CWE‑789, is present in the Prometheus remote_write HTTP handler in Elastic Metricbeat. An attacker can target the remote_write endpoint with a specially crafted request that causes the application to allocate an excessively large amount of memory, leading to service interruption. The vulnerability exposes only availability loss; there is no indication that confidentiality or integrity is directly compromised.

Affected Systems

The vulnerability is reported for Elastic Metricbeat. No specific version range is supplied in the data, so all installations that have not applied a patch may be affected. Users should check their deployed Metricbeat version against recent Elastic advisories, as newer releases may already contain a fix.

Risk and Exploitability

The CVSS score is 5.7, indicating a moderate severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting moderate likelihood of exploitation but limited existing evidence of widespread attacks. The attack vector is inferred to be remote, delivered via an external HTTP request to the remote_write endpoint, which can be performed over the network without authentication in many default configurations.

Generated by OpenCVE AI on March 19, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the Metricbeat version you are running to determine if the vulnerability applies
  • Consult Elastic’s release notes or advisory linked in the discussion forum for a patch, and apply it promptly
  • If a patch is unavailable, restrict network access to the remote_write endpoint using firewall rules or access control lists
  • Monitor system resource usage and logs for signs of abnormal memory allocation or service unavailability

Generated by OpenCVE AI on March 19, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5vrw-qjxw-89r5 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service
History

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic metricbeat
Vendors & Products Elastic
Elastic metricbeat

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).
Title Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Elastic Metricbeat
cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-03-19T17:20:38.549Z

Reserved: 2026-02-16T16:42:05.773Z

Link: CVE-2026-26931

cve-icon Vulnrichment

Updated: 2026-03-19T17:20:35.484Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-19T17:16:23.320

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-26931

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T11:06:47Z

Weaknesses