What is the CVSS score of CVE-2026-30893?

CVE-2026-30893 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2026-30893?

Yes, a public proof-of-concept exploit is available for CVE-2026-30893. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-30893?

Yes, a patch is available for CVE-2026-30893. Update the affected software to the latest version immediately.

Wazuh Manager CVE-2026-30893

EUVD-2026-26271 CRITICAL

Path Traversal (CWE-22)

2026-04-29 GitHub_M

RCE Python Path Traversal Wazuh

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 30, 2026 - 20:30 nvd

Patch available

Analysis Generated

Apr 29, 2026 - 20:08 vuln.today

Re-analysis Queued

Apr 29, 2026 - 19:22 vuln.today

cvss_changed

EUVD ID Assigned

Apr 29, 2026 - 18:30 euvd

EUVD-2026-26271

Analysis Generated

Apr 29, 2026 - 18:30 vuln.today

CVE Published

Apr 29, 2026 - 17:55 nvd

CRITICAL 9.0

DescriptionNVD

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

AnalysisAI

Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. Writing to sensitive locations such as cron directories or Python module paths leads to remote code execution. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30893 vulnerability details – vuln.today

Back

Wazuh Manager CVE-2026-30893

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code