7
CVEs
2
Critical
1
High
0
KEV
1
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
1
MEDIUM
4
LOW
0
Monthly CVE Trend
Affected Products (5)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-56699 | NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operations because the DataValue.index field is not escaped when the manager builds inventory-sync bulk requests. Because those requests execute under the manager's OpenSearch admin credentials, a single low-trust agent can delete documents, tamper with alerts, and manipulate SIEM state across all other agents. Rated CVSS 10.0 by the reporter (VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV. | CRITICAL | 10.0 | – | 50 |
|
| CVE-2026-30893 | Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. Writing to sensitive locations such as cron directories or Python module paths leads to remote code execution. CVSS 9.0 Critical (network-accessible, high privilege required, scope changed). Patch available in v4.14.4; no active exploitation identified. | CRITICAL | 9.0 | 0.1% | 45 |
PoC
|
| CVE-2026-56401 | Denial of service in Wazuh wazuh-modulesd (all releases before 5.0.0-beta3) lets an enrolled agent crash the manager's inventory synchronization module by sending a verifier-valid FlatBuffer DataValue message that omits the optional id field, triggering a null pointer dereference (CWE-476). Exploitation requires only a valid enrolled agent (PR:L) over the network with no user interaction; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is availability-only - no data confidentiality or integrity loss - but it can repeatedly take down central inventory sync, blinding a security monitoring deployment. | HIGH | 7.1 | 0.3% | 36 |
|
| CVE-2026-28221 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-bas | MEDIUM | 6.5 | 0.1% | 33 |
|
| CVE-2026-26206 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's ser | MEDIUM | 6.5 | 0.0% | 33 |
|
| CVE-2026-41499 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple he | MEDIUM | 6.5 | 0.0% | 33 |
|
| CVE-2026-26204 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-base | MEDIUM | 4.4 | 0.0% | 22 |
|