{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T19:27:19.055","vulnerabilities":[{"cve":{"id":"CVE-2026-26932","sourceIdentifier":"security@elastic.co","published":"2026-02-26T18:23:07.470","lastModified":"2026-03-12T20:23:24.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port."},{"lang":"es","value":"Validación incorrecta de índice de array (CWE-129) en el analizador del protocolo PostgreSQL en Packetbeat puede conducir a denegación de servicio a través de manipulación de datos de entrada (CAPEC-153). Un atacante puede enviar un paquete especialmente diseñado causando un pánico en tiempo de ejecución de Go que termina el proceso de Packetbeat. Esta vulnerabilidad requiere que el protocolo pgsql esté explícitamente habilitado y configurado para monitorear el tráfico en el puerto objetivo."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.19.11","matchCriteriaId":"5B3AF1B0-F18A-41C2-B4AC-0156C95D7153"},{"vulnerable":true,"criteria":"cpe:2.3:a:elasticsearch:packetbeat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.5","matchCriteriaId":"4936046E-0E8D-4A75-8FD4-F4266B47A8FE"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-10/385247","source":"security@elastic.co","tags":["Vendor Advisory"]}]}}]}