Wazuh
CVE-2026-33434
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
PR:L confirmed by authentication requirement; I:L added over vendor score because injecting crafted events into analysisd degrades integrity of security analysis output.
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.6.0 and above, prior to 4.14.5, a logic error in CheckRateLimitsMiddleware.dispatch() causes the /events endpoint rate check to unconditionally overwrite the general rate limit result. When the global max_request_per_minute is exceeded, requests to /events still succeed if the events-specific counter (hardcoded 30/min) has not been reached. This allows event injection into analysisd beyond the admin-configured global rate limit. This issue has been fixed in version 4.14.5.
AnalysisAI
Rate limit bypass in Wazuh's /events endpoint allows authenticated network users to inject events into analysisd beyond the administrator-configured global rate limit. A logic error in CheckRateLimitsMiddleware.dispatch() causes the endpoint-specific counter (hardcoded at 30 requests/min) to unconditionally overwrite the result of the global rate limit check, meaning the global max_request_per_minute threshold is silently ignored for this endpoint. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with at least low-privilege access to the Wazuh API (confirmed by PR:L in CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.3 (Medium) reflects a realistic threat profile: network-reachable (AV:N), low complexity (AC:L), low-privilege authentication required (PR:L), no user interaction, limited scope, and only an availability impact (A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege user or a compromised Wazuh agent credential holder sends a sustained burst of POST requests to the /events endpoint. Once the global max_request_per_minute threshold is crossed, requests are still accepted because the endpoint-specific counter (30/min) has not been reached, bypassing the administrator-configured ceiling. … |
| Remediation | Upgrade Wazuh server to version 4.14.5, which corrects the logic error in CheckRateLimitsMiddleware.dispatch() so the global rate limit result is no longer overwritten by the events-specific counter. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl comman
A critical deserialization vulnerability in Wazuh's cluster mode allows attackers with access to any worker node to achi
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversa
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that al
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial o
NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operation
Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated critical severity (C
Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauth
Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that
Wazuh is a security detection, visibility, and compliance open source project. Rated high severity (CVSS 8.8), this vuln
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code exe
Same weakness CWE-799 – Improper Control of Interaction Frequency
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today