CVE-2026-26933

MEDIUM

5.7

Descripcion

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

Detalles CVE

Puntuacion CVSS v3.15.7

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado3/19/2026

Ultima modificacion3/23/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

elasticsearch:packetbeat

Debilidades (CWE)

CWE-129

Referencias

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533(security@elastic.co)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.