{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0529", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2025-12-19T15:43:38.402Z", "datePublished": "2026-01-14T10:09:02.462Z", "dateUpdated": "2026-01-14T16:31:01.455Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Packetbeat", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "7.17.29", "status": "affected", "version": "7.0.0", "versionType": "semver"}, {"lessThanOrEqual": "8.19.9", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.1.9", "status": "affected", "version": "9.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.2.3", "status": "affected", "version": "9.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.</p>"}], "value": "Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-01-14T10:09:02.462Z"}, "references": [{"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"}], "credits": [{"lang": "en", "value": "AISLE Research", "type": "reporter"}], "source": {"discovery": "Elastic"}, "title": "Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers", "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-14T16:22:50.115810Z", "id": "CVE-2026-0529", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T16:31:01.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-14T16:22:50.115810Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T16:26:47.979Z"}}], "cna": {"title": "Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers", "source": {"discovery": "Elastic"}, "credits": [{"lang": "en", "type": "reporter", "value": "AISLE Research"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Packetbeat", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.17.29"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.19.9"}, {"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.1.9"}, {"status": "affected", "version": "9.2.0", "versionType": "semver", "lessThanOrEqual": "9.2.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"}], "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-01-14T10:09:02.462Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0529", "state": "PUBLISHED", "dateUpdated": "2026-01-14T16:31:01.455Z", "dateReserved": "2025-12-19T15:43:38.402Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2026-01-14T10:09:02.462Z", "assignerShortName": "elastic"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled."}, {"lang": "es", "value": "Validaci\u00f3n incorrecta de \u00edndice de array (CWE-129) en el analizador del protocolo MongoDB de Packetbeat puede permitir a un atacante causar desbordamientos de b\u00fafer (CAPEC-100) a trav\u00e9s de tr\u00e1fico de red especialmente dise\u00f1ado. Esto requiere que un atacante env\u00ede una carga \u00fatil malformada a una interfaz de red monitoreada donde el an\u00e1lisis del protocolo MongoDB est\u00e1 habilitado."}], "id": "CVE-2026-0529", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@elastic.co", "type": "Secondary"}]}, "published": "2026-01-14T10:16:08.813", "references": [{"source": "security@elastic.co", "url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"}], "sourceIdentifier": "security@elastic.co", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@elastic.co", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:24:17.037658+00:00", "value": {"mitigation_remediation": ["Upgrade Packetbeat to the latest version that includes the security fix", "If a patch is not immediately available, disable MongoDB protocol monitoring or remove the related module to prevent the vulnerable code from running", "After applying fixes, monitor network traffic and system logs for signs of abnormal activity to detect any attempted exploitation"], "summary": {"action": "Immediate Patch", "impact": "Potential memory corruption leading to code execution or denial of service"}, "threat_synthesis": {"affected_systems": "Elastic Packetbeat is vulnerable. No specific product versions are listed in the CVE data, so all affected releases prior to a patch should be considered at risk.", "description_and_impact": "Packetbeat\u2019s MongoDB protocol parser does not validate array indices correctly, allowing an attacker to send a malicious payload that overflows internal buffers. This flaw can corrupt memory and may provide a path to arbitrary code execution or a crash, depending on the system\u2019s state at the time of the overflow.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity. EPSS is below 1%, suggesting that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. The vulnerability requires an attacker to transmit a crafted MongoDB protocol packet to a monitored network interface; therefore the attack vector is likely over the network, possibly from a compromised host within the monitored subnet."}}}}, "created": "2026-01-15T08:03:57.764035+00:00", "updated": "2026-04-18T06:30:25.908351+00:00", "vendors": ["elastic", "elastic$PRODUCT$packetbeat"]}