CVE-2026-26931

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Description

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

INFO

Published Date :

2026-03-19T17:05:57.514Z

Last Modified :

2026-03-19T17:20:38.549Z

Source :

elastic

AFFECTED PRODUCTS

The following products are affected by CVE-2026-26931 vulnerability.

Vendors	Products
Elastic	Metricbeat

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26931.

URL	Resource
https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact