CVE-2026-0529

Published: Jan 14, 2026Modified: Jan 14, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: security@elastic.co (Secondary)

Description

Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (1)

https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520

Source: security@elastic.co

Timeline

No history available yet.