Description
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.
Published: 2026-03-19
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Packetbeat contains improper validation of array indices in multiple protocol parser components, leading to out‑of‑bounds read operations. A malicious actor can craft malformed network packets that cause Packetbeat to crash or exhaust system resources, resulting in denial of service. The weakness is classified as CWE‑129, and the effect is restricted to the application process, potentially affecting the availability of monitored services on the affected host.

Affected Systems

The vulnerability affects the Elastic Packetbeat product. No specific version information is provided in the official advisory, so all currently deployed instances may be vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score is 5.7, indicating moderate severity, while the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is network based; an attacker must send specialized packets to a monitored interface or control traffic on the same network segment as Packetbeat. If these conditions are met, the attacker can trigger the crash or resource exhaustion.

Generated by OpenCVE AI on March 23, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Packetbeat to the latest release that contains the security fix.
  • Restrict Packetbeat’s monitoring interfaces to trusted, internal networks only, removing exposure to untrusted segments.
  • Configure firewalls or packet filtering rules to discard malformed or suspicious packets before they reach Packetbeat.
  • Monitor Packetbeat logs and system metrics for crashes or abnormal resource usage to detect exploitation attempts.
  • Apply any vendor advisories or patches as soon as they become available if the official update is not yet released.

Generated by OpenCVE AI on March 23, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-27qj-9gvp-8rh9 Packetbeat does not properly validate an array index in multiple protocol parser components
History

Mon, 23 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Elasticsearch
Elasticsearch packetbeat
CPEs cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*
Vendors & Products Elasticsearch
Elasticsearch packetbeat

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic packetbeat
Vendors & Products Elastic
Elastic packetbeat

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.
Title Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Elastic Packetbeat
Elasticsearch Packetbeat
cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2026-03-19T17:52:50.955Z

Reserved: 2026-02-16T16:42:05.773Z

Link: CVE-2026-26933

cve-icon Vulnrichment

Updated: 2026-03-19T17:52:38.936Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T18:16:21.497

Modified: 2026-03-23T13:33:43.510

Link: CVE-2026-26933

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:55:17Z

Weaknesses