VYPR
Moderate severityOSV Advisory· Published Jan 13, 2026· Updated Jan 13, 2026

Improper Input Validation in Metricbeat Leading to Denial of Service

CVE-2026-0528

Description

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/elastic/beats/v7Go
< 7.0.0-alpha2.0.20251217054608-6e42552a23ce7.0.0-alpha2.0.20251217054608-6e42552a23ce
github.com/elastic/beats/v7Go
>= 8.0.0, < 8.19.108.19.10
github.com/elastic/beats/v7Go
>= 9.0.0, < 9.1.109.1.10
github.com/elastic/beats/v7Go
>= 9.2.0, < 9.2.49.2.4

Affected products

54

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.