{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26931", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2026-02-16T16:42:05.773Z", "datePublished": "2026-03-19T17:05:57.514Z", "dateUpdated": "2026-03-19T17:20:38.549Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Metricbeat", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "8.19.12", "status": "affected", "version": "8.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).</p>"}], "value": "Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130)."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-03-19T17:05:57.514Z"}, "references": [{"url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532"}], "source": {"discovery": "Elastic"}, "title": "Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service", "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T17:20:32.317500Z", "id": "CVE-2026-26931", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:20:38.549Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T17:20:32.317500Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:20:35.484Z"}}], "cna": {"title": "Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service", "source": {"discovery": "Elastic"}, "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Metricbeat", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.19.12"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532"}], "x_generator": {"engine": "Elastic CVE Publisher 0.0.1"}, "descriptions": [{"lang": "en", "value": "Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).", "supportingMedia": [{"type": "text/html", "value": "<p>Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2026-03-19T17:05:57.514Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26931", "state": "PUBLISHED", "dateUpdated": "2026-03-19T17:20:38.549Z", "dateReserved": "2026-02-16T16:42:05.773Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2026-03-19T17:05:57.514Z", "assignerShortName": "elastic"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130)."}], "id": "CVE-2026-26931", "lastModified": "2026-03-20T13:39:46.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@elastic.co", "type": "Secondary"}]}, "published": "2026-03-19T17:16:23.320", "references": [{"source": "security@elastic.co", "url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532"}], "sourceIdentifier": "security@elastic.co", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "security@elastic.co", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.19.12]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Metricbeat", "source": "cna", "vendor": "Elastic"}, "product": "metricbeat", "vendor": "elastic"}], "analysis": {"en": {"generated_at": "2026-03-19T18:21:58.156280+00:00", "value": {"mitigation_remediation": ["Verify the Metricbeat version you are running to determine if the vulnerability applies", "Consult Elastic\u2019s release notes or advisory linked in the discussion forum for a patch, and apply it promptly", "If a patch is unavailable, restrict network access to the remote_write endpoint using firewall rules or access control lists", "Monitor system resource usage and logs for signs of abnormal memory allocation or service unavailability"], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability is reported for Elastic Metricbeat. No specific version range is supplied in the data, so all installations that have not applied a patch may be affected. Users should check their deployed Metricbeat version against recent Elastic advisories, as newer releases may already contain a fix.", "description_and_impact": "Memory Allocation with Excessive Size Value, classified as CWE\u2011789, is present in the Prometheus remote_write HTTP handler in Elastic Metricbeat. An attacker can target the remote_write endpoint with a specially crafted request that causes the application to allocate an excessively large amount of memory, leading to service interruption. The vulnerability exposes only availability loss; there is no indication that confidentiality or integrity is directly compromised.", "risk_and_exploitability": "The CVSS score is 5.7, indicating a moderate severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting moderate likelihood of exploitation but limited existing evidence of widespread attacks. The attack vector is inferred to be remote, delivered via an external HTTP request to the remote_write endpoint, which can be performed over the network without authentication in many default configurations."}}}}, "created": "2026-03-20T08:56:36.962629+00:00", "updated": "2026-03-20T11:06:47.928990+00:00", "vendors": ["elastic", "elastic$PRODUCT$metricbeat"]}