CVE-2026-26932
Received Received - Intake
Improper Array Index Validation in Packetbeat PostgreSQL Causes DoS

Publication date: 2026-02-26

Last updated on: 2026-03-12

Assigner: Elastic

Description
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-03-12
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26932
EUVD
EUVD-2026-8864
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
elasticsearch packetbeat From 8.0.0 (inc) to 8.19.11 (exc)
elasticsearch packetbeat From 9.0.0 (inc) to 9.2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-26932 is a vulnerability in the PostgreSQL protocol parser of Packetbeat. It involves improper validation of an array index, which can be exploited by sending a specially crafted PostgreSQL packet. This causes a Go runtime panic due to an 'index out of range' error, leading to the unexpected termination of the Packetbeat process."}, {'type': 'paragraph', 'content': 'This vulnerability only affects Packetbeat deployments where the pgsql protocol parser is explicitly enabled and configured to monitor PostgreSQL network traffic.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'The primary impact of this vulnerability is a Denial of Service (DoS) condition. An attacker can cause the Packetbeat process to crash by sending a specially crafted packet, which triggers a runtime panic.'}, {'type': 'paragraph', 'content': "This results in the unavailability of Packetbeat's monitoring capabilities for PostgreSQL traffic, potentially disrupting network monitoring and analysis."}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for Packetbeat process crashes accompanied by panic messages containing "runtime error: index out of range" and stack traces referencing packetbeat/protos/pgsql/parse.go.'}, {'type': 'paragraph', 'content': 'Since the vulnerability occurs when the pgsql protocol parser is enabled, checking Packetbeat logs for these specific panic messages is a key indicator of compromise.'}, {'type': 'paragraph', 'content': 'Suggested commands include examining Packetbeat logs for the panic message, for example using grep:'}, {'type': 'list_item', 'content': "grep -i 'runtime error: index out of range' /var/log/packetbeat/packetbeat.log"}, {'type': 'list_item', 'content': "grep -i 'packetbeat/protos/pgsql/parse.go' /var/log/packetbeat/packetbeat.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unexpected Packetbeat process terminations or restarts can help detect exploitation attempts.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Packetbeat to version 8.19.11 or 9.2.5 or later, where this vulnerability is fixed.

If upgrading is not possible immediately, disable the pgsql protocol parser by removing or commenting out its configuration in the packetbeat.yml file to prevent the vulnerability from being exploitable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26932. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart