Moderate severityNVD Advisory· Published Mar 19, 2026· Updated Mar 19, 2026
Improper Validation of Array Index in Packetbeat Leading to Denial of Service
CVE-2026-26933
Description
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/elastic/beats/v7Go | < 7.0.0-alpha2.0.20260126223743-dec1b31111ec | 7.0.0-alpha2.0.20260126223743-dec1b31111ec |
Affected products
32- osv-coords31 versionspkg:apk/chainguard/agentbeatpkg:apk/chainguard/agentbeat-fipspkg:apk/chainguard/auditbeat-8.19pkg:apk/chainguard/auditbeat-9.3pkg:apk/chainguard/auditbeat-9.4pkg:apk/chainguard/auditbeat-fips-8.19pkg:apk/chainguard/auditbeat-fips-9.2pkg:apk/chainguard/auditbeat-fips-9.3pkg:apk/chainguard/auditbeat-fips-9.4pkg:apk/chainguard/filebeat-8.19pkg:apk/chainguard/filebeat-9.3pkg:apk/chainguard/filebeat-9.4pkg:apk/chainguard/filebeat-fips-8.19pkg:apk/chainguard/filebeat-fips-9.2pkg:apk/chainguard/filebeat-fips-9.3pkg:apk/chainguard/filebeat-fips-9.4pkg:apk/chainguard/heartbeat-8.19pkg:apk/chainguard/heartbeat-9.3pkg:apk/chainguard/heartbeat-9.4pkg:apk/chainguard/heartbeat-fips-8.19pkg:apk/chainguard/heartbeat-fips-9.2pkg:apk/chainguard/heartbeat-fips-9.3pkg:apk/chainguard/heartbeat-fips-9.4pkg:apk/chainguard/metricbeat-8.19pkg:apk/chainguard/metricbeat-9.3pkg:apk/chainguard/metricbeat-9.4pkg:apk/chainguard/metricbeat-fips-8.19pkg:apk/chainguard/metricbeat-fips-9.2pkg:apk/chainguard/metricbeat-fips-9.3pkg:apk/chainguard/metricbeat-fips-9.4pkg:golang/github.com/elastic/beats/v7
< 0+ 30 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.0.0-alpha2.0.20260126223743-dec1b31111ec
- Range: 9.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-27qj-9gvp-8rh9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26933ghsaADVISORY
- discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533ghsaWEB
- github.com/elastic/beats/commit/941098459db6556b837194f40c076b08d51137cbghsaWEB
- github.com/elastic/beats/commit/dec1b31111ec3500b82db21ba67dde5c914ee94dghsaWEB
News mentions
0No linked articles in our index yet.