Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-26931

5.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 days, 19 hours ago

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

References

https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-…

Affected products

Metricbeat

=<8.19.12

Matching in nixpkgs

pkgs.metricbeat

Lightweight shipper for metrics

nixos-unstable 7.17.27
- nixpkgs-unstable 7.17.27
- nixos-unstable-small 7.17.27
nixos-25.11 7.17.27
- nixos-25.11-small 7.17.27
- nixpkgs-25.11-darwin 7.17.27

pkgs.metricbeat7