CVE-2026-0529
Unknown Unknown - Not Provided

Buffer Overflow via Improper Array Index in Packetbeat MongoDB Parser

Vulnerability report for CVE-2026-0529, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-14

Last updated on: 2026-01-14

Assigner: Elastic

Description

Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-14
Last Modified
2026-01-14
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
elastic packetbeat From 7.0.0 (inc) to 9.0.0 (exc)
elastic packetbeat From 8.0.0 (inc) to 8.19.9 (inc)
elastic packetbeat From 9.0.0 (inc) to 9.1.9 (inc)
elastic packetbeat From 9.2.0 (inc) to 9.2.3 (inc)
elastic packetbeat 8.19.10
elastic packetbeat 9.1.10
elastic packetbeat 9.2.4

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper validation of an array index (CWE-129) in Packetbeat's MongoDB protocol parser. It allows an attacker to cause a buffer overflow by sending specially crafted malformed network traffic to a monitored interface where MongoDB protocol parsing is enabled. This can lead to potential disruption or crashes of the Packetbeat service. [1]

Impact Analysis

The vulnerability can impact you by causing a buffer overflow in Packetbeat, which may lead to denial of service or disruption of monitoring capabilities. Since the vulnerability requires no privileges or user interaction and can be exploited from an adjacent network, it poses a risk of service interruption. [1]

Detection Guidance

There are no specific detection commands or methods provided for this vulnerability. Detection would likely involve monitoring network traffic for malformed MongoDB protocol payloads on interfaces where Packetbeat's MongoDB protocol parsing is enabled, but no explicit commands or tools are detailed. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Packetbeat to a fixed version: 8.19.10, 9.1.10, or 9.2.4 or later. There are no available workarounds for users who cannot upgrade. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0529. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart