Search criteria
3 vulnerabilities found for Metricbeat by Elastic
CERTFR-2026-AVI-0041
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Packetbeat | Packetbeat versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Packetbeat | Packetbeat toutes versions 7.x | ||
| Elastic | Packetbeat | Packetbeat versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Packetbeat | Packetbeat versions 9.x antérieures à 9.1.10 | ||
| Elastic | Metricbeat | Metricbeat toutes versions 7.x | ||
| Elastic | Metricbeat | Metricbeat versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Elasticsearch | Elasticsearch versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Metricbeat | Metricbeat versions 9.x antérieures à 9.1.10 | ||
| Elastic | Elasticsearch | Elasticsearch toutes versions 7.x | ||
| Elastic | Elasticsearch | Elasticsearch versions 9.x antérieures à 9.1.10 | ||
| Elastic | Elasticsearch | Elasticsearch versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Metricbeat | Metricbeat versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Kibana | Kibana versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Kibana | Kibana toutes versions 7.x | ||
| Elastic | Kibana | Kibana versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Kibana | Kibana versions 9.x antérieures à 9.1.10 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Packetbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat toutes versions 7.x",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat toutes versions 7.x",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch toutes versions 7.x",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana toutes versions 7.x",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-0532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0532"
},
{
"name": "CVE-2026-0528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0528"
},
{
"name": "CVE-2026-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0530"
},
{
"name": "CVE-2026-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0529"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2026-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0543"
},
{
"name": "CVE-2026-0531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0531"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-08",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-02",
"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-01",
"url": "https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-04",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-05",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-07",
"url": "https://discuss.elastic.co/t/elasticsearch-8-19-10-9-1-10-9-2-4-security-update-esa-2026-07/384525"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-03",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521"
}
]
}
CVE-2026-0528 (GCVE-0-2026-0528)
Vulnerability from nvd – Published: 2026-01-13 21:02 – Updated: 2026-01-13 21:25
VLAI?
Title
Improper Input Validation in Metricbeat Leading to Denial of Service
Summary
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.
Severity ?
6.5 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Metricbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.9 (semver) Affected: 9.0.0 , ≤ 9.1.9 (semver) Affected: 9.2.0 , ≤ 9.2.3 (semver) |
Credits
pkill-arjun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:23:21.867774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:25:10.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Metricbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.9",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pkill-arjun"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:02:18.501Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Improper Input Validation in Metricbeat Leading to Denial of Service",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2026-0528",
"datePublished": "2026-01-13T21:02:18.501Z",
"dateReserved": "2025-12-19T15:27:18.049Z",
"dateUpdated": "2026-01-13T21:25:10.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0528 (GCVE-0-2026-0528)
Vulnerability from cvelistv5 – Published: 2026-01-13 21:02 – Updated: 2026-01-13 21:25
VLAI?
Title
Improper Input Validation in Metricbeat Leading to Denial of Service
Summary
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.
Severity ?
6.5 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Metricbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.9 (semver) Affected: 9.0.0 , ≤ 9.1.9 (semver) Affected: 9.2.0 , ≤ 9.2.3 (semver) |
Credits
pkill-arjun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:23:21.867774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:25:10.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Metricbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.9",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pkill-arjun"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:02:18.501Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Improper Input Validation in Metricbeat Leading to Denial of Service",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2026-0528",
"datePublished": "2026-01-13T21:02:18.501Z",
"dateReserved": "2025-12-19T15:27:18.049Z",
"dateUpdated": "2026-01-13T21:25:10.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}