diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 7c7bbf9c0b3..d4d5921dc97 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -78,6 +78,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Added a fix for Crowdstrike pipeline handling process arrays {pull}36496[36496]
 - [threatintel] MISP pagination fixes {pull}37898[37898]
 - Fix file handle leak when handling errors in filestream {pull}37973[37973]
+- Fix bug in CEL input rate limit logic. {issue}40106[40106] {pull}40270[40270]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/input/cel/input.go b/x-pack/filebeat/input/cel/input.go
index 36d2d59e883..63b207b1ec2 100644
--- a/x-pack/filebeat/input/cel/input.go
+++ b/x-pack/filebeat/input/cel/input.go
@@ -622,7 +622,7 @@ func handleRateLimit(log *logp.Logger, rateLimit map[string]interface{}, header
 	}
 
 	// Process reset if we need to wait until reset to avoid a request against a zero quota.
-	if limit == 0 {
+	if limit <= 0 {
 		w, ok := rateLimit["reset"]
 		if ok {
 			switch w := w.(type) {