CVE-2026-26933

Published: Mar 19, 2026 Last Modified: Mar 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.

129

Improper Validation of Array Index

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Modify Memory Read Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: C, C++, Not Language-Specific

Likelihood of Exploit: High

View CWE Details

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-secur…

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-…

CVE-2026-26933

Description

Improper Validation of Array Index

Common Consequences

Applicable Platforms

Iscriviti alla newsletter