CVE-2026-0528
Improper Validation in Metricbeat Causes Denial of Service
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Elastic
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | metricbeat | 7.x |
| elastic | metricbeat | From 8.0.0 (inc) to 8.19.9 (inc) |
| elastic | metricbeat | From 9.0.0 (inc) to 9.2.3 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper input validation in Metricbeat components. Specifically, an Improper Validation of Array Index (CWE-129) exists in the Graphite and Zookeeper server metricsets, and Improper Input Validation (CWE-20) exists in the Prometheus helper module. Attackers can exploit these flaws by sending specially crafted malformed payloads or metric data, causing the software to crash or become unavailable, resulting in a Denial of Service (DoS). [1]
How can this vulnerability impact me?
The vulnerability can lead to Denial of Service (DoS) attacks, where an attacker can cause Metricbeat to crash or become unresponsive by sending malformed data. This disrupts the availability of monitoring data and services relying on Metricbeat, potentially impacting system monitoring and operational awareness. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Metricbeat to versions 8.19.10, 9.1.10, or 9.2.4 or later, where the issues have been resolved. These updates fix the improper input validation vulnerabilities that could lead to Denial of Service attacks. [1]