Nixpkgs security tracker

Untriaged

Permalink CVE-2026-26932

5.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.

References

https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-…

Affected products

Packetbeat

=<9.2.4
=<8.19.10

Matching in nixpkgs

pkgs.packetbeat

Network packet analyzer that ships data to Elasticsearch

nixos-unstable 7.17.27
- nixpkgs-unstable 7.17.27
- nixos-unstable-small 7.17.27
nixos-25.11 7.17.27
- nixos-25.11-small 7.17.27
- nixpkgs-25.11-darwin 7.17.27

pkgs.packetbeat7