CVE-2026-0529

Summary

Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.

Affected Software

VendorProductVersion RangeStatus
ElasticPacketbeat7.0.0 <= 7.17.29affected
ElasticPacketbeat8.0.0 <= 8.19.9affected
ElasticPacketbeat9.0.0 <= 9.1.9affected
ElasticPacketbeat9.2.0 <= 9.2.3affected

Weaknesses

  • CWE-129: CWE-129 Improper Validation of Array Index

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References