CVE-2026-0529
Unknown Unknown - Not Provided
Buffer Overflow via Improper Array Index in Packetbeat MongoDB Parser

Publication date: 2026-01-14

Last updated on: 2026-01-14

Assigner: Elastic

Description
Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-14
Last Modified
2026-01-14
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0529
EUVD
EUVD-2026-2519
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
elastic packetbeat From 7.0.0 (inc) to 9.0.0 (exc)
elastic packetbeat From 8.0.0 (inc) to 8.19.9 (inc)
elastic packetbeat From 9.0.0 (inc) to 9.1.9 (inc)
elastic packetbeat From 9.2.0 (inc) to 9.2.3 (inc)
elastic packetbeat 8.19.10
elastic packetbeat 9.1.10
elastic packetbeat 9.2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper validation of an array index (CWE-129) in Packetbeat's MongoDB protocol parser. It allows an attacker to cause a buffer overflow by sending specially crafted malformed network traffic to a monitored interface where MongoDB protocol parsing is enabled. This can lead to potential disruption or crashes of the Packetbeat service. [1]

Impact Analysis

The vulnerability can impact you by causing a buffer overflow in Packetbeat, which may lead to denial of service or disruption of monitoring capabilities. Since the vulnerability requires no privileges or user interaction and can be exploited from an adjacent network, it poses a risk of service interruption. [1]

Detection Guidance

There are no specific detection commands or methods provided for this vulnerability. Detection would likely involve monitoring network traffic for malformed MongoDB protocol payloads on interfaces where Packetbeat's MongoDB protocol parsing is enabled, but no explicit commands or tools are detailed. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Packetbeat to a fixed version: 8.19.10, 9.1.10, or 9.2.4 or later. There are no available workarounds for users who cannot upgrade. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0529. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart