elasticsearch packetbeat CVE Vulnerabilities (6)

CVEs: 6 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting elasticsearch packetbeat (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-26933 Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traf [email protected] 5.7 0.24% 2026-03-19 2026-06-17
CVE-2026-26932 Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port. [email protected] 5.7 0.45% 2026-02-26 2026-06-17
CVE-2025-68388 Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat. [email protected] 5.3 0.31% 2025-12-18 2026-06-17
CVE-2025-68382 Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages. [email protected] 6.5 0.20% 2025-12-18 2026-06-17
CVE-2025-68381 Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number. [email protected] 6.5 0.39% 2025-12-18 2026-06-17
CVE-2017-11480 Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic. [email protected] 7.5 1.44% 2017-12-08 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence