CVE-2026-0528

EPSS 0.05%
Veröffentlicht 13.01.2026 21:02:18
Zuletzt bearbeitet 22.01.2026 19:57:29
Quelle security@elastic.co
CVE-Watchlists
Login
Unerledigt
Login

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elastic ≫ Kibana Version >= 7.0.0 < 7.17.29

Elastic ≫ Kibana Version >= 8.0.0 < 8.19.10

Elastic ≫ Kibana Version >= 9.0.0 < 9.1.10

Elastic ≫ Kibana Version >= 9.2.0 < 9.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@elastic.co	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-0528

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0528

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0528

EUVD