CVE-2026-26932

MEDIUM

5.7

Descricao

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.

Detalhes CVE

Pontuacao CVSS v3.15.7

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado2/26/2026

Ultima modificacao3/12/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

elasticsearch:packetbeat

Fraquezas (CWE)

CWE-129

Referencias

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-10/385247(security@elastic.co)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.