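| Metric | Value |
|---|---|
| CVEs | 5 |
| Critical | 1 |
| High | 0 |
| KEV | 0 |
| PoC | 1 |
| Unpatched C/H | 0 |
| Patch Rate | 100.0% |
| Avg EPSS | 0.0% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 0 |
| MEDIUM | 4 |
| LOW | 0 |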
[Chart: Monthly CVE Trend]
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-30893 | Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. Writing to sensitive locations such as cron directories or Python module paths leads to remote code execution. CVSS 9.0 Critical (network-accessible, high privilege required, scope changed). Patch available in v4.14.4; no active exploitation identified. | CRITICAL | 9.0 | 0.1% | 45 | PoC |
| CVE-2026-28221 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-bas | MEDIUM | 6.5 | 0.1% | 33 | |
| CVE-2026-26206 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's ser | MEDIUM | 6.5 | 0.0% | 33 | |
| CVE-2026-41499 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple he | MEDIUM | 6.5 | 0.0% | 33 | |
| CVE-2026-26204 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-base | MEDIUM | 4.4 | 0.0% | 22 | |