CVE-2026-26932

EPSS 0.02%
Veröffentlicht 26.02.2026 16:59:55
Zuletzt bearbeitet 12.03.2026 20:23:24
Quelle security@elastic.co
CVE-Watchlists
Login
Unerledigt
Login

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elasticsearch ≫ Packetbeat Version >= 8.0.0 < 8.19.11

Elasticsearch ≫ Packetbeat Version >= 9.0.0 < 9.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@elastic.co	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-10/385247

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-26932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26932

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26932