github.com/elastic/beats/v7 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/elastic/beats/v7, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2023-49922 — CVSS 6.8 (medium): An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if…
CVE-2025-68383 — CVSS 6.5 (medium): Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor…
CVE-2026-0528 — CVSS 6.5 (medium): Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data…
CVE-2026-26931 — CVSS 5.7 (medium): Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service…
CVE-2026-26933 — CVSS 5.7 (medium): Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data…
CVE-2025-68388 — CVSS 5.3 (medium): Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation…