Elasticsearch Packetbeat — known CVE vulnerabilities
Every CVE whose affected-product data names Elasticsearch Packetbeat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2017-11480 — CVSS 7.5 (high): Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening…
CVE-2025-68381 — CVSS 6.5 (medium): Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and…
CVE-2025-68382 — CVSS 6.5 (medium): Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol…
CVE-2026-26932 — CVSS 5.7 (medium): Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data…
CVE-2026-26933 — CVSS 5.7 (medium): Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data…
CVE-2025-68388 — CVSS 5.3 (medium): Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation…