CVE-2026-0529
Buffer Overflow via Improper Array Index in Packetbeat MongoDB Parser
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Elastic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | packetbeat | From 7.0.0 (inc) to 9.0.0 (exc) |
| elastic | packetbeat | From 8.0.0 (inc) to 8.19.9 (inc) |
| elastic | packetbeat | From 9.0.0 (inc) to 9.1.9 (inc) |
| elastic | packetbeat | From 9.2.0 (inc) to 9.2.3 (inc) |
| elastic | packetbeat | 8.19.10 |
| elastic | packetbeat | 9.1.10 |
| elastic | packetbeat | 9.2.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper validation of an array index (CWE-129) in Packetbeat's MongoDB protocol parser. It allows an attacker to cause a buffer overflow by sending specially crafted malformed network traffic to a monitored interface where MongoDB protocol parsing is enabled. This can lead to potential disruption or crashes of the Packetbeat service. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by causing a buffer overflow in Packetbeat, which may lead to denial of service or disruption of monitoring capabilities. Since the vulnerability requires no privileges or user interaction and can be exploited from an adjacent network, it poses a risk of service interruption. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided for this vulnerability. Detection would likely involve monitoring network traffic for malformed MongoDB protocol payloads on interfaces where Packetbeat's MongoDB protocol parsing is enabled, but no explicit commands or tools are detailed. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Packetbeat to a fixed version: 8.19.10, 9.1.10, or 9.2.4 or later. There are no available workarounds for users who cannot upgrade. [1]