Description
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.
Published: 2026-02-26
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (service interruption)
Action: Patch Immediately
AI Analysis

Impact

Improper validation of an array index in Packetbeat's PostgreSQL protocol parser can be triggered by an attacker who sends a specially crafted packet. The vulnerability, identified as CWE‑129, causes a Go runtime panic that terminates the Packetbeat process, resulting in a denial of service to the monitoring service.
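The bug class described above, as an added illustration: this is not Packetbeat's code and does not reproduce the actual flaw. It assumes the generic PostgreSQL wire framing (type byte, then a 4-byte big-endian length that counts itself); the function names and sample bytes are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed framing: 1-byte type, 4-byte big-endian length (counts itself,
// not the type byte), then the payload. All names here are hypothetical.

// payloadUnchecked trusts the declared length: the CWE-129 pattern.
func payloadUnchecked(buf []byte) []byte {
	n := int(binary.BigEndian.Uint32(buf[1:5]))
	return buf[5 : 1+n] // runtime panic if 1+n exceeds the buffer or n < 4
}

var (
	errIncomplete = errors.New("incomplete message")
	errMalformed  = errors.New("malformed length")
)

// payloadChecked validates every index against len(buf) before slicing.
func payloadChecked(buf []byte) ([]byte, error) {
	if len(buf) < 5 {
		return nil, errIncomplete
	}
	n := binary.BigEndian.Uint32(buf[1:5])
	if n < 4 {
		return nil, errMalformed
	}
	if uint64(n)+1 > uint64(len(buf)) {
		return nil, errIncomplete
	}
	return buf[5 : 1+int(n)], nil
}

// panics reports whether f triggers a runtime panic.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed sample: type 'Q', declared length 100, two payload bytes.
	short := []byte{'Q', 0, 0, 0, 100, 'h', 'i'}
	fmt.Println("unchecked panics:", panics(func() { payloadUnchecked(short) }))
	_, err := payloadChecked(short)
	fmt.Println("checked returns:", err)
}
```

An unrecovered panic of this kind in any goroutine ends the whole Go process, which is why a single out-of-range index in a packet parser translates into loss of the monitoring service.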

Affected Systems

Elastic Packetbeat is affected. The flaw exists in any build where the PostgreSQL protocol is explicitly enabled and configured to monitor traffic on the chosen port. No specific version range is listed, so all deployed Packetbeat instances with PostgreSQL monitoring enabled should be considered potentially impacted.

Risk and Exploitability

The CVSS base score is 5.7, indicating a moderate impact. The EPSS score is less than 1%, suggesting a very low probability of exploitation at the time of analysis. Packetbeat is not listed in the CISA KEV catalog. The attack vector is inferred to be network-based; an attacker must send a malicious packet to the port that Packetbeat is monitoring. Because the exploit requires the protocol to be enabled, the risk is limited to environments where PostgreSQL traffic monitoring is in use.

Generated by OpenCVE AI on April 17, 2026 at 14:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Packetbeat update to include the vendor‑released fix.
  • If PostgreSQL monitoring is not required, disable the pgsql protocol in the Packetbeat configuration.
  • Restrict the network interface or IP range that Packetbeat listens on to trusted sources only, reducing the surface for malicious packets.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Elasticsearch, Elasticsearch packetbeat
CPEs | | cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*
Vendors & Products | | Elasticsearch, Elasticsearch packetbeat

Fri, 27 Feb 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Elastic, Elastic packetbeat
Vendors & Products | | Elastic, Elastic packetbeat

Thu, 26 Feb 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.
Title | | Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Weaknesses | | CWE-129
References | |
Metrics | | cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-02-26T18:28:12.222Z

Reserved: 2026-02-16T16:42:05.773Z

Link: CVE-2026-26932

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-26T18:23:07.470

Modified: 2026-03-12T20:23:24.030

Link: CVE-2026-26932

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z
