Filebeat package (filebeat-9.2.1-amd64.deb) is affected by CVE-2025-11226/CVE-2025-5818/CVE-2025-47914

cahl · January 19, 2026, 12:56pm

Hi, I see the filebeat-9.2.1-amd64.deb is affected by CVE-2025-10543 which is present on GitHub - eclipse-paho/paho.mqtt.golang 1.3.5 and fixed on 1.5.1. Also, the same package is affected by CVE-2025-58181 and CVE-2025-47914 which relates to The Go Programming Language 0.41.0 fixed on 0.45.0. I understand these dependencies are not developed by Elastic but as the filebeat is using them, is there any plans to update the filebeat package regarding these CVEs?

Thank you in advance,

Cesar Lino

leandrojmp · January 19, 2026, 2:00pm

You need to check if the last version, 9.2.4, has fixed those CVEs.

If those are still present on the last version you need to contact security@elastic.co with the CVE list so they can validate.

Topic		Replies	Views
Critical security vulnerabilities reported with go version 1.19.7 Beats filebeat	3	394	May 18, 2023
Filebeat after v7.12 does not show dependency information Beats filebeat	2	296	March 24, 2022
Vulnerability github.com/hashicorp/nomad 0.0.0-20201203164818-6318a8ac7bf8 Beats docker , filebeat	2	131	March 28, 2024
Filebeat 5.2.2 Windows x86 flagged by Antivirus Beats filebeat	2	721	June 13, 2017
Beats with golang version Beats filebeat	2	1150	October 17, 2017

Filebeat package (filebeat-9.2.1-amd64.deb) is affected by CVE-2025-11226/CVE-2025-5818/CVE-2025-47914

Related topics