Description

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

INFO

Published Date :

2026-03-19T17:08:45.745Z

Last Modified :

2026-03-19T17:52:50.955Z

Source :

elastic
AFFECTED PRODUCTS

The following products are affected by CVE-2026-26933 vulnerability.

Vendors Products
Elastic
  • Packetbeat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26933.

URL Resource
https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact