Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.
Affected Versions:
- 8.x: All versions from 8.0.0 up to and including 8.19.10
- 9.x: All versions from 9.0.0 up to and including 9.2.4
Affected Configurations:
This vulnerability only affects Packetbeat deployments where:
- The pgsql protocol type has been explicitly configured in packetbeat.yml, and
- The Packetbeat instance is monitoring network traffic on an interface where PostgreSQL protocol traffic is present
Solutions and Mitigations:
The issue is resolved in versions 8.19.11 and 9.2.5.
For Users that Cannot Upgrade:
Disable the pgsql protocol parser by removing or commenting out the pgsql configuration in packetbeat.yml
Indicators of Compromise (IOC)
Packetbeat process terminations with panic messages containing:
- "runtime error: index out of range"
- "panic: runtime error"
- Stack traces referencing packetbeat/protos/pgsql/parse.go
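The indicators above can be correlated per crash rather than matched line by line, so that unrelated Go panics are not attributed to this issue. The following is an added example, not code from Elastic or Packetbeat; the sample log, the placeholder function names in it, and the TRACE_WINDOW value are constructed assumptions.

```python
# Strings taken from the advisory's indicator list.
PANIC = "panic: runtime error"
INDEX_OOR = "runtime error: index out of range"
PGSQL_FRAME = "packetbeat/protos/pgsql/parse.go"
TRACE_WINDOW = 40  # assumption: lines after a panic searched for stack frames

# Constructed sample output: one crash matching the advisory, one unrelated panic.
SAMPLE_LOG = """\
{"log.level":"info","message":"packetbeat start running."}
panic: runtime error: index out of range [7] with length 4

goroutine 58 [running]:
example.com/placeholder/packetbeat/protos/pgsql.exampleParse(...)
\t/go/src/placeholder/packetbeat/protos/pgsql/parse.go:100 +0x1f
packetbeat.service: Main process exited, code=exited, status=2
panic: runtime error: invalid memory address or nil pointer dereference

goroutine 12 [running]:
example.com/placeholder/other/pkg.exampleFunc(...)
\t/go/src/placeholder/other/pkg/file.go:10 +0x2c
"""


def find_pgsql_panics(lines):
    """Return one record per Go panic, flagging those that match the advisory."""
    findings = []
    current = None
    for lineno, line in enumerate(lines, start=1):
        if PANIC in line:
            # A new panic header starts a new crash record.
            current = {"line": lineno, "message": line.strip(),
                       "index_oor": INDEX_OOR in line, "pgsql_frame": False}
            findings.append(current)
        elif current and lineno - current["line"] <= TRACE_WINDOW:
            # Stack frames follow the header; look for the pgsql parser path.
            if PGSQL_FRAME in line:
                current["pgsql_frame"] = True
    for f in findings:
        # Require both the index error and a pgsql parser frame in one crash.
        f["matches_advisory"] = f["index_oor"] and f["pgsql_frame"]
    return findings


if __name__ == "__main__":
    for f in find_pgsql_panics(SAMPLE_LOG.splitlines()):
        tag = "MATCH" if f["matches_advisory"] else "other panic"
        print(f"line {f['line']}: {tag}: {f['message']}")
```

Feed it the Packetbeat process's stderr or service journal output, since that is where the Go runtime writes panic traces.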
Severity: CVSSv3.1: Medium (5.7) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2026-26932
Problem Type: CWE-129 - Improper Validation of Array Index
Impact: CAPEC-153 - Input Data Manipulation