CVE-2026-0528

ADVISORY - github

Summary

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.

EPSS Score⁠: 0.00047 (0.143)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

15 days ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-0528⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-129⁠

CVSS SCORE

6.5medium

GitHub

CREATED

15 days ago

UPDATED

5 days ago

ADVISORY IDGHSA-w2gr-585j-r428⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-129⁠

CVSS SCORE

6.5medium

Chainguard

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

CGA-cf6x-5qcj-8h59

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-0528

Summary

Common Weakness Enumeration (CWE)

CWE-129⁠

CWE-129⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Chainguard