Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RCE
Path Traversal
Wazuh
NVD
GitHub
CVSS 3.1
8.8
EPSS
8.7%