PT-2026-6491 — Improper Validation of Array Index in Go Github.Com/Elastic/Beats/V7

PT-2026-6491 · Go · Github.Com/Elastic/Beats/V7

Published

2026-01-13

Updated

2026-01-13

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

GHSA-W2GR-585J-R428

Affected Products

Github.Com/Elastic/Beats/V7

PT-2026-6491 · Go · Github.Com/Elastic/Beats/V7

Weakness Enumeration

Related Identifiers

Affected Products

References · 7