Elastic Packetbeat vulnerabilities

7 known vulnerabilities affecting elastic/packetbeat.

Total CVEs

7

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1

CVE-2026-26933MEDIUMCVSS 5.7≥ 9.0.0, ≤ 9.2.4≥ 8.0.0, ≤ 8.19.102026-03-19

CVE-2026-26933 [MEDIUM] CWE-129 CVE-2026-26933: Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat ca Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application cr

CVE-2026-26932HIGHCVSS 7.5≥ 9.0.0, ≤ 9.2.4≥ 8.0.0, ≤ 8.19.102026-02-26

CVE-2026-26932 [HIGH] CWE-129 CVE-2026-26932: Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lea Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and c

CVE-2026-0529MEDIUMCVSS 6.5≥ 7.0.0, ≤ 7.17.29≥ 8.0.0, ≤ 8.19.9+2 more2026-01-14

CVE-2026-0529 [MEDIUM] CWE-129 CVE-2026-0529: Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an at Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.

CVE-2025-68382MEDIUMCVSS 6.5≥ 7.0.0, ≤ 7.17.29≥ 8.0.0, ≤ 8.19.8+2 more2025-12-18

CVE-2025-68382 [MEDIUM] CWE-125 CVE-2025-68382: Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.

CVE-2025-68388MEDIUMCVSS 5.3≥ 8.6.0, ≤ 8.19.8≥ 9.0.0, ≤ 9.1.8+1 more2025-12-18

CVE-2025-68388 [MEDIUM] CWE-770 CVE-2025-68388: Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote atta Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.

CVE-2025-68381MEDIUMCVSS 6.5≥ 7.0.0, ≤ 7.17.29≥ 8.0.0, ≤ 8.19.8+2 more2025-12-18

CVE-2025-68381 [MEDIUM] CWE-787 CVE-2025-68381: Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.

CVE-2017-11480HIGHCVSS 7.5vbefore 5.6.42017-12-08

CVE-2017-11480 [HIGH] CWE-404 CVE-2017-11480: Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protoc Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.