Metricbeat Remote_write Handler: Excessive Size Value Causing DoS
CVE-2026-26931 Published on March 19, 2026

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

CVE-2026-26931 has been classified to as a Stack Exhaustion vulnerability or weakness.

Affected Versions

Elastic Metricbeat:

Version 8.0.0, <= 8.19.12 is affected.

Exploit Probability

EPSS

0.01%

Percentile

3.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Metricbeat Remote_write Handler: Excessive Size Value Causing DoSCVE-2026-26931 Published on March 19, 2026

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Affected Versions

Exploit Probability

Metricbeat Remote_write Handler: Excessive Size Value Causing DoS
CVE-2026-26931 Published on March 19, 2026