5
CVEs
2
Critical
0
High
0
KEV
1
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
0
MEDIUM
3
LOW
0
Monthly CVE Trend
Affected Products (5)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-25769 | A critical deserialization vulnerability in Wazuh's cluster mode allows attackers with access to any worker node to achieve remote code execution with root privileges on the master node. The vulnerability affects Wazuh versions 4.0.0 through 4.14.2 and poses severe risk to organizations using Wazuh in distributed deployments, as compromise of any single worker node can lead to full cluster takeover. While no active exploitation has been reported (not in KEV), proof-of-concept materials are publicly available via the Google Drive link in the advisory. | CRITICAL | 9.1 | 0.4% | 66 |
PoC
No patch
|
| CVE-2026-25770 | Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauthenticated root code execution by exploiting insecure file permissions in the cluster synchronization protocol. An attacker with cluster node access can overwrite the manager's configuration file to inject malicious commands that are subsequently executed with root privileges by the logcollector service. This vulnerability affects multi-node Wazuh deployments and has no available patch. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2026-25771 | Denial of service in Wazuh 4.3.0 through 4.14.2 allows unauthenticated attackers to exhaust API resources by sending crafted Bearer token requests that trigger blocking disk I/O operations in the authentication middleware, preventing the single-threaded event loop from processing legitimate connections. The vulnerability exists because synchronous file operations are called on every API request without proper resource constraints, enabling attackers to starve the application of CPU availability with relatively low request volumes. No patch is currently available. | MEDIUM | 5.3 | 0.1% | 27 |
No patch
|
| CVE-2026-25790 | Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations. | MEDIUM | 4.9 | 0.1% | 25 |
No patch
|
| CVE-2026-25772 | Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3. | MEDIUM | 4.9 | 0.0% | 25 |
No patch
|