A vulnerability labeled as problematic has been found in Elastic Metricbeat up to 8.19.12 . The impacted element is the function remote_write of the component HTTP Handler . The manipulation of the argument Size results in uncontrolled memory allocation. This vulnerability is reported as CVE-2026-26931 . The attacker must have access to the local network to execute the attack. No exploit exists.