{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26933", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2026-02-16T16:42:05.773Z", "datePublished": "2026-03-19T17:08:45.745Z", "dateUpdated": "2026-03-19T17:52:50.955Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Packetbeat", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "9.2.4", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.19.10", "status": "affected", "version": "8.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.</p>"}], "value": "Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-03-19T17:08:45.745Z"}, "references": [{"url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"}], "source": {"discovery": "Elastic"}, "title": "Improper Validation of Array Index in Packetbeat Leading to Denial of Service", "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T17:52:18.932207Z", "id": "CVE-2026-26933", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:52:50.955Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T17:52:18.932207Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:52:38.936Z"}}], "cna": {"title": "Improper Validation of Array Index in Packetbeat Leading to Denial of Service", "source": {"discovery": "Elastic"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Packetbeat", "versions": [{"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.2.4"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.19.10"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"}], "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-03-19T17:08:45.745Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26933", "state": "PUBLISHED", "dateUpdated": "2026-03-19T17:52:50.955Z", "dateReserved": "2026-02-16T16:42:05.773Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2026-03-19T17:08:45.745Z", "assignerShortName": "elastic"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B3AF1B0-F18A-41C2-B4AC-0156C95D7153", "versionEndExcluding": "8.19.11", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "4936046E-0E8D-4A75-8FD4-F4266B47A8FE", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces."}], "id": "CVE-2026-26933", "lastModified": "2026-03-23T13:33:43.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@elastic.co", "type": "Secondary"}]}, "published": "2026-03-19T18:16:21.497", "references": [{"source": "security@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"}], "sourceIdentifier": "security@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@elastic.co", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0,9.2.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.19.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Packetbeat", "source": "cna", "vendor": "Elastic"}, "product": "packetbeat", "vendor": "elastic"}], "analysis": {"en": {"generated_at": "2026-03-23T14:37:57.328100+00:00", "value": {"mitigation_remediation": ["Update Packetbeat to the latest release that contains the security fix.", "Restrict Packetbeat\u2019s monitoring interfaces to trusted, internal networks only, removing exposure to untrusted segments.", "Configure firewalls or packet filtering rules to discard malformed or suspicious packets before they reach Packetbeat.", "Monitor Packetbeat logs and system metrics for crashes or abnormal resource usage to detect exploitation attempts.", "Apply any vendor advisories or patches as soon as they become available if the official update is not yet released."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Elastic Packetbeat product. No specific version information is provided in the official advisory, so all currently deployed instances may be vulnerable until a patch is applied.", "description_and_impact": "Packetbeat contains improper validation of array indices in multiple protocol parser components, leading to out\u2011of\u2011bounds read operations. A malicious actor can craft malformed network packets that cause Packetbeat to crash or exhaust system resources, resulting in denial of service. The weakness is classified as CWE\u2011129, and the effect is restricted to the application process, potentially affecting the availability of monitored services on the affected host.", "risk_and_exploitability": "The CVSS score is 5.7, indicating moderate severity, while the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is network based; an attacker must send specialized packets to a monitored interface or control traffic on the same network segment as Packetbeat. If these conditions are met, the attacker can trigger the crash or resource exhaustion."}}}}, "created": "2026-03-20T08:56:36.063615+00:00", "updated": "2026-03-25T11:55:17.642894+00:00", "vendors": ["elastic", "elastic$PRODUCT$packetbeat"]}