[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-0528":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":32,"related":33,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":85,"epss":86,"epss_history":89,"metrics":362,"affected":376},"CVE-2026-0528","Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-129","Improper Validation of Array Index","The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-100","Overflow Buffers",[],[],[26,27],"GHSA-w2gr-585j-r428","GO-2026-4360",[],[30],{"_key":31},"SUSE-SU-2026:1042-1",[],[34,35],{"_key":31},{"_key":36},"CGA-CF6X-5QCJ-8H59","2026-01-13T21:02:18.501Z","2026-01-13T21:25:10.446Z","Analyzed",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.00107,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[50,58,63,68,72,76,81],{"url":51,"sources":52,"tags":55},"https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519",[53,47,54],"cve.org","osv_go",[56,57],"Vendor Advisory","WEB",{"url":59,"sources":60,"tags":61},"https://nvd.nist.gov/vuln/detail/CVE-2026-0528",[54],[62],"Advisory",{"url":64,"sources":65,"tags":66},"https://github.com/elastic/beats/commit/0025fbfe668936eb8fa65b838508faf3c3c04387",[54],[57,67],"FIX",{"url":69,"sources":70,"tags":71},"https://github.com/elastic/beats/commit/6e42552a23cec734e7977ebd3eb7fb797ddce456",[54],[57,67],{"url":73,"sources":74,"tags":75},"https://github.com/elastic/beats/commit/c7664c91a5a68c2df782bfeffe4fb7f42ff2ad1a",[54],[57,67],{"url":77,"sources":78,"tags":79},"https://github.com/elastic/beats",[54],[80],"PACKAGE",{"url":82,"sources":83,"tags":84},"https://github.com/advisories/GHSA-w2gr-585j-r428",[54],[62],[],{"date":87,"score":43,"percentile":88},"2026-06-05",0.28541,[90,94,97,100,103,106,110,113,116,118,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,251,254,257,260,263,266,269,272,274,277,280,283,286,289,292,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,359],{"date":91,"score":92,"percentile":93},"2026-01-14",0.00015,0.02561,{"date":95,"score":92,"percentile":96},"2026-01-15",0.02554,{"date":98,"score":92,"percentile":99},"2026-01-16",0.02552,{"date":101,"score":92,"percentile":102},"2026-01-17",0.02556,{"date":104,"score":92,"percentile":105},"2026-01-18",0.02558,{"date":107,"score":108,"percentile":109},"2026-01-19",0.00019,0.04181,{"date":111,"score":108,"percentile":112},"2026-01-20",0.0414,{"date":114,"score":108,"percentile":115},"2026-01-21",0.04129,{"date":117,"score":108,"percentile":115},"2026-01-22",{"date":119,"score":120,"percentile":121},"2026-01-23",0.00047,0.14374,{"date":123,"score":120,"percentile":124},"2026-01-24",0.1441,{"date":126,"score":120,"percentile":127},"2026-01-25",0.14347,{"date":129,"score":120,"percentile":130},"2026-01-26",0.14268,{"date":132,"score":120,"percentile":133},"2026-01-27",0.14264,{"date":135,"score":120,"percentile":136},"2026-01-28",0.14271,{"date":138,"score":120,"percentile":139},"2026-01-29",0.14242,{"date":141,"score":120,"percentile":142},"2026-01-30",0.14252,{"date":144,"score":120,"percentile":145},"2026-01-31",0.14262,{"date":147,"score":120,"percentile":148},"2026-02-01",0.14277,{"date":150,"score":120,"percentile":151},"2026-02-02",0.14224,{"date":153,"score":120,"percentile":154},"2026-02-03",0.14193,{"date":156,"score":120,"percentile":157},"2026-02-04",0.14192,{"date":159,"score":120,"percentile":160},"2026-02-05",0.14236,{"date":162,"score":120,"percentile":163},"2026-02-06",0.14258,{"date":165,"score":120,"percentile":166},"2026-02-07",0.14279,{"date":168,"score":120,"percentile":169},"2026-02-08",0.14261,{"date":171,"score":120,"percentile":172},"2026-02-09",0.14231,{"date":174,"score":120,"percentile":175},"2026-02-10",0.14159,{"date":177,"score":120,"percentile":178},"2026-02-11",0.14208,{"date":180,"score":120,"percentile":181},"2026-02-12",0.14221,{"date":183,"score":120,"percentile":184},"2026-02-13",0.1423,{"date":186,"score":187,"percentile":188},"2026-02-14",0.00051,0.15662,{"date":190,"score":187,"percentile":191},"2026-02-15",0.15642,{"date":193,"score":187,"percentile":194},"2026-02-16",0.15599,{"date":196,"score":187,"percentile":197},"2026-02-17",0.15572,{"date":199,"score":187,"percentile":200},"2026-02-18",0.1578,{"date":202,"score":187,"percentile":203},"2026-02-19",0.15844,{"date":205,"score":187,"percentile":206},"2026-02-20",0.15845,{"date":208,"score":187,"percentile":209},"2026-02-21",0.15854,{"date":211,"score":187,"percentile":212},"2026-02-22",0.1584,{"date":214,"score":187,"percentile":215},"2026-02-23",0.15807,{"date":217,"score":187,"percentile":218},"2026-02-24",0.15755,{"date":220,"score":187,"percentile":221},"2026-02-25",0.15724,{"date":223,"score":187,"percentile":224},"2026-02-26",0.15684,{"date":226,"score":187,"percentile":227},"2026-02-27",0.15704,{"date":229,"score":187,"percentile":230},"2026-02-28",0.15705,{"date":232,"score":187,"percentile":233},"2026-03-01",0.15737,{"date":235,"score":187,"percentile":236},"2026-03-02",0.1567,{"date":238,"score":187,"percentile":239},"2026-03-03",0.15629,{"date":241,"score":187,"percentile":242},"2026-03-04",0.15582,{"date":244,"score":187,"percentile":245},"2026-03-05",0.15597,{"date":247,"score":187,"percentile":248},"2026-03-06",0.15598,{"date":250,"score":187,"percentile":248},"2026-03-07",{"date":252,"score":187,"percentile":253},"2026-03-08",0.15567,{"date":255,"score":187,"percentile":256},"2026-03-09",0.15529,{"date":258,"score":187,"percentile":259},"2026-03-10",0.15525,{"date":261,"score":187,"percentile":262},"2026-03-11",0.15547,{"date":264,"score":187,"percentile":265},"2026-03-12",0.15607,{"date":267,"score":187,"percentile":268},"2026-03-13",0.15627,{"date":270,"score":187,"percentile":271},"2026-03-14",0.15632,{"date":273,"score":187,"percentile":197},"2026-03-15",{"date":275,"score":187,"percentile":276},"2026-03-16",0.15528,{"date":278,"score":187,"percentile":279},"2026-03-17",0.15507,{"date":281,"score":187,"percentile":282},"2026-03-18",0.1552,{"date":284,"score":187,"percentile":285},"2026-03-19",0.15542,{"date":287,"score":187,"percentile":288},"2026-03-20",0.15611,{"date":290,"score":187,"percentile":291},"2026-03-21",0.15752,{"date":293,"score":294,"percentile":295},"2026-03-22",0.00053,0.16529,{"date":297,"score":294,"percentile":298},"2026-03-23",0.16491,{"date":300,"score":294,"percentile":301},"2026-03-24",0.16476,{"date":303,"score":294,"percentile":304},"2026-03-25",0.16561,{"date":306,"score":294,"percentile":307},"2026-03-26",0.16637,{"date":309,"score":294,"percentile":310},"2026-03-27",0.16612,{"date":312,"score":294,"percentile":313},"2026-03-28",0.16644,{"date":315,"score":294,"percentile":316},"2026-03-29",0.16614,{"date":318,"score":294,"percentile":319},"2026-03-30",0.16574,{"date":321,"score":294,"percentile":322},"2026-03-31",0.16548,{"date":324,"score":294,"percentile":325},"2026-04-01",0.16583,{"date":327,"score":294,"percentile":328},"2026-04-02",0.16763,{"date":330,"score":294,"percentile":331},"2026-04-03",0.16792,{"date":333,"score":294,"percentile":334},"2026-04-04",0.16823,{"date":336,"score":294,"percentile":337},"2026-04-05",0.1679,{"date":339,"score":294,"percentile":340},"2026-04-06",0.16624,{"date":342,"score":294,"percentile":343},"2026-04-07",0.16608,{"date":345,"score":294,"percentile":346},"2026-04-08",0.16693,{"date":348,"score":294,"percentile":349},"2026-04-09",0.16747,{"date":351,"score":294,"percentile":352},"2026-04-10",0.16765,{"date":354,"score":294,"percentile":355},"2026-04-11",0.16727,{"date":357,"score":294,"percentile":358},"2026-04-12",0.16684,{"date":360,"score":294,"percentile":361},"2026-04-13",0.16626,[363,370,374],{"source":53,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":364,"cvss_v4_0":9},{"baseScore":365,"baseSeverity":366,"vectorString":367,"impactScore":368,"exploitabilityScore":369},6.5,"MEDIUM","CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",6,7.2,{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":371,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":372,"vectorString":48,"impactScore":368,"exploitabilityScore":373},"HIGH",10,{"source":54,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":375,"cvss_v4_0":9},{"baseScore":365,"baseSeverity":9,"vectorString":367,"impactScore":368,"exploitabilityScore":369},[377,400,417,427],{"ecosystem":9,"name":378,"vendor":9,"product":378,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"Kibana",[380,388,392,396],{"version":381,"is_range":382,"range_type":383,"version_start":384,"version_start_type":385,"version_end":386,"version_end_type":387,"fixed_in":9},"gte7.0.0_lt7.17.29",true,"cpe","7.0.0","including","7.17.29","excluding",{"version":389,"is_range":382,"range_type":383,"version_start":390,"version_start_type":385,"version_end":391,"version_end_type":387,"fixed_in":9},"gte8.0.0_lt8.19.10","8.0.0","8.19.10",{"version":393,"is_range":382,"range_type":383,"version_start":394,"version_start_type":385,"version_end":395,"version_end_type":387,"fixed_in":9},"gte9.0.0_lt9.1.10","9.0.0","9.1.10",{"version":397,"is_range":382,"range_type":383,"version_start":398,"version_start_type":385,"version_end":399,"version_end_type":387,"fixed_in":9},"gte9.2.0_lt9.2.4","9.2.0","9.2.4",{"ecosystem":9,"name":401,"vendor":402,"product":403,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":405},"Metricbeat","elastic","metricbeat","a",[406,408,411,414],{"version":407,"is_range":382,"range_type":53,"version_start":384,"version_start_type":385,"version_end":386,"version_end_type":385,"fixed_in":9},">= 7.0.0, \u003C= 7.17.29",{"version":409,"is_range":382,"range_type":53,"version_start":390,"version_start_type":385,"version_end":410,"version_end_type":385,"fixed_in":9},">= 8.0.0, \u003C= 8.19.9","8.19.9",{"version":412,"is_range":382,"range_type":53,"version_start":394,"version_start_type":385,"version_end":413,"version_end_type":385,"fixed_in":9},">= 9.0.0, \u003C= 9.1.9","9.1.9",{"version":415,"is_range":382,"range_type":53,"version_start":398,"version_start_type":385,"version_end":416,"version_end_type":385,"fixed_in":9},">= 9.2.0, \u003C= 9.2.3","9.2.3",{"ecosystem":418,"name":419,"vendor":420,"product":421,"cpe_part":9,"purl_type":422,"purl_namespace":420,"purl_name":421,"source":9,"versions":423},"Go","github.com/elastic/beats","github.com/elastic","beats","golang",[424],{"version":425,"is_range":382,"range_type":426,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all","semver",{"ecosystem":418,"name":428,"vendor":419,"product":429,"cpe_part":9,"purl_type":422,"purl_namespace":419,"purl_name":429,"source":9,"versions":430},"github.com/elastic/beats/v7","v7",[431,434,436,438],{"version":432,"is_range":382,"range_type":426,"version_start":9,"version_start_type":9,"version_end":433,"version_end_type":387,"fixed_in":9},"lt7_0_0_alpha2_0_20251217054608_6e42552a23ce","7.0.0-alpha2.0.20251217054608-6e42552a23ce",{"version":435,"is_range":382,"range_type":426,"version_start":390,"version_start_type":385,"version_end":391,"version_end_type":387,"fixed_in":9},"gte8_0_0_lt8_19_10",{"version":437,"is_range":382,"range_type":426,"version_start":394,"version_start_type":385,"version_end":395,"version_end_type":387,"fixed_in":9},"gte9_0_0_lt9_1_10",{"version":439,"is_range":382,"range_type":426,"version_start":398,"version_start_type":385,"version_end":399,"version_end_type":387,"fixed_in":9},"gte9_2_0_lt9_2_4"]