Elastic · Metricbeat · CVE-2026-0528
**Name of the Vulnerable Software and Affected Versions**
Metricbeat (affected versions not specified)
**Description**
The software contains flaws related to improper validation of array indices and improper input validation. These issues can be exploited through specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset, and through malformed metric data in the Prometheus helper module. An attacker could leverage these weaknesses to cause a Denial of Service through input data manipulation.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.