Detections
Analytics

Elastic Beats 7.x / 8.x < 8.19.10 / 9.x < 9.1.10 / 9.2.x < 9.2.4 Multiple Vulnerabilities (ESA_2026_01, ESA_2026_02)

medium Nessus Plugin ID 286270

Language:

Synopsis

The Elastic Beats installation on the remote host is affected by multiple vulnerabilities.

Description

The version of Elastic Beats (Metricbeat or Packetbeat) installed on the remote host is 7.x, 8.x prior to 8.19.10, 9.x prior to 9.1.10, or 9.2.x prior to 9.2.4. It is, therefore, affected by multiple vulnerabilities:

 - Improper Validation of Array Index (CWE-129) and Improper Input Validation (CWE-20) in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153). This is exploitable via specially crafted, malformed payloads sent to the Graphite or Zookeeper server metricsets, or via malformed metric data processed by the Prometheus helper module. (CVE-2026-0528)

 - Improper Validation of Array Index (CWE-129) in Packetbeat's MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled, potentially leading to an application crash. (CVE-2026-0529)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Elastic Beats filebeat version 8.19.10, 9.1.10, 9.2.4 or later.

See Also

http://www.nessus.org/u?1fa1dede

http://www.nessus.org/u?c3e5a80b

Plugin Details

Severity: Medium

ID: 286270

File Name: elastic_beats_filebeat_9_2_4.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 1/15/2026

Updated: 1/15/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-0528

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: x-cpe:/a:elastic:beats_filebeat

Required KB Items: installed_sw/Beats filebeat, SMB/Registry/Enumerated

Patch Publication Date: 1/6/2026

Vulnerability Publication Date: 1/13/2026

Reference Information

CVE: CVE-2026-0528, CVE-2026-0529

IAVA: 2026-A-0054