Skip to main content

Wazuh

Vendor security scorecard – 2 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 14
2
CVEs
1
Critical
1
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.3%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
1
MEDIUM
0
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-56699 NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operations because the DataValue.index field is not escaped when the manager builds inventory-sync bulk requests. Because those requests execute under the manager's OpenSearch admin credentials, a single low-trust agent can delete documents, tamper with alerts, and manipulate SIEM state across all other agents. Rated CVSS 10.0 by the reporter (VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV. CRITICAL 10.0 – 50
CVE-2026-56401 Denial of service in Wazuh wazuh-modulesd (all releases before 5.0.0-beta3) lets an enrolled agent crash the manager's inventory synchronization module by sending a verifier-valid FlatBuffer DataValue message that omits the optional id field, triggering a null pointer dereference (CWE-476). Exploitation requires only a valid enrolled agent (PR:L) over the network with no user interaction; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is availability-only - no data confidentiality or integrity loss - but it can repeatedly take down central inventory sync, blinding a security monitoring deployment. HIGH 7.1 0.3% 36

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy