Nixpkgs security tracker

Permalink CVE-2026-26931

5.7 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Adjacent (A)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 2 months ago Activity log

Created suggestion 2 months ago

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

References

https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-…

Affected products

Metricbeat

=<8.19.12

Matching in nixpkgs

pkgs.metricbeat

Lightweight shipper for metrics

nixos-unstable 7.17.27
- nixpkgs-unstable 7.17.27
- nixos-unstable-small 7.17.27
nixos-25.11 7.17.27
- nixos-25.11-small 7.17.27
- nixpkgs-25.11-darwin 7.17.27

pkgs.metricbeat7