Metricbeat Improper Array Index Validation allowing DoS via Graphite/Zookeeper
CVE-2026-0528 Published on January 13, 2026
Improper Input Validation in Metricbeat Leading to Denial of Service
Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.
Vulnerability Analysis
Weakness Type
What is an out-of-bounds array index Vulnerability?
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CVE-2026-0528 has been classified to as an out-of-bounds array index vulnerability or weakness.
Affected Versions
Elastic Metricbeat:- Version 7.0.0, <= 7.17.29 is affected.
- Version 8.0.0, <= 8.19.9 is affected.
- Version 9.0.0, <= 9.1.9 is affected.
- Version 9.2.0, <= 9.2.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.