Main Vulnerability Database Vulnerabilities #VU123320

#VU123320 Improper Validation of Array Index in Packetbeat - CVE-2026-26932

Published: February 27, 2026

Vulnerability identifier: #VU123320

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-26932

CWE-ID: CWE-129

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Packetbeat

Software vendor:
Elastic Stack

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the PostgreSQL protocol parser when handling network traffic. A remote attacker can send specially crafted packets over the network and perform a denial of service attack.

Note, the vulnerability affects deployment s where the pgsql protocol type has been explicitly configured in packetbeat.yml and the Packetbeat instance is monitoring network traffic on an interface where PostgreSQL protocol traffic is present.

Remediation

Install updates from vendor's website.

External links

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-10/385247

#VU123320 Improper Validation of Array Index in Packetbeat - CVE-2026-26932

Description

Remediation

External links

Please verify you're human