What is the CVSS score of CVE-2026-25769?

CVE-2026-25769 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Wazuh are affected by CVE-2026-25769?

CVE-2026-25769 is a critical deserialization vulnerability in Wazuh cluster deployments that enables attackers who compromise any worker node to execute code as root on the master node, potentially…. A patch is available.

Is there a public PoC exploit available for CVE-2026-25769?

Yes, a public proof-of-concept exploit is available for CVE-2026-25769. Prioritise patching immediately. EPSS: 0.4%.

Wazuh CVE-2026-25769

EUVD-2026-12595 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2026-03-17 GitHub_M

RCE Deserialization Wazuh

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:50 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

4.14.3

PoC Detected

Mar 18, 2026 - 14:52 vuln.today

Public exploit code

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12595

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

CVE Published

Mar 17, 2026 - 17:41 nvd

CRITICAL 9.1

DescriptionNVD

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.

AnalysisAI

A critical deserialization vulnerability in Wazuh's cluster mode allows attackers with access to any worker node to achieve remote code execution with root privileges on the master node. The vulnerability affects Wazuh versions 4.0.0 through 4.14.2 and poses severe risk to organizations using Wazuh in distributed deployments, as compromise of any single worker node can lead to full cluster takeover. …

RemediationAI

Within 24 hours: Inventory all Wazuh deployments and identify instances running versions 4.0.0 through 4.14.2 in cluster mode; isolate affected worker nodes from production if patch deployment cannot be completed immediately. Within 7 days: Apply vendor-released patch to upgrade all affected Wazuh instances to version 4.14.3 or later; verify patch installation across all master and worker nodes. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-25769 vulnerability details – vuln.today

Back

Wazuh CVE-2026-25769

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code