CVE-2026-0528
Unknown Unknown - Not Provided
Improper Validation in Metricbeat Causes Denial of Service

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Elastic

Description
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0528
EUVD
EUVD-2026-2032
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
elastic metricbeat 7.x
elastic metricbeat From 8.0.0 (inc) to 8.19.9 (inc)
elastic metricbeat From 9.0.0 (inc) to 9.2.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper input validation in Metricbeat components. Specifically, an Improper Validation of Array Index (CWE-129) exists in the Graphite and Zookeeper server metricsets, and Improper Input Validation (CWE-20) exists in the Prometheus helper module. Attackers can exploit these flaws by sending specially crafted malformed payloads or metric data, causing the software to crash or become unavailable, resulting in a Denial of Service (DoS). [1]

Impact Analysis

The vulnerability can lead to Denial of Service (DoS) attacks, where an attacker can cause Metricbeat to crash or become unresponsive by sending malformed data. This disrupts the availability of monitoring data and services relying on Metricbeat, potentially impacting system monitoring and operational awareness. [1]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Metricbeat to versions 8.19.10, 9.1.10, or 9.2.4 or later, where the issues have been resolved. These updates fix the improper input validation vulnerabilities that could lead to Denial of Service attacks. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0528. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart