Skip to main content

Wazuh

Vendor security scorecard – 7 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 32
7
CVEs
2
Critical
1
High
0
KEV
1
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
2
HIGH
1
MEDIUM
4
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-56699 NDJSON injection in Wazuh Manager before 5.0.0-beta3 lets any enrolled agent smuggle arbitrary OpenSearch bulk operations because the DataValue.index field is not escaped when the manager builds inventory-sync bulk requests. Because those requests execute under the manager's OpenSearch admin credentials, a single low-trust agent can delete documents, tamper with alerts, and manipulate SIEM state across all other agents. Rated CVSS 10.0 by the reporter (VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV. CRITICAL 10.0 – 50
CVE-2026-30893 Wazuh Manager (4.4.0 through 4.14.3) contains a path traversal vulnerability in the cluster synchronization routine that allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. Writing to sensitive locations such as cron directories or Python module paths leads to remote code execution. CVSS 9.0 Critical (network-accessible, high privilege required, scope changed). Patch available in v4.14.4; no active exploitation identified. CRITICAL 9.0 0.1% 45
PoC
CVE-2026-56401 Denial of service in Wazuh wazuh-modulesd (all releases before 5.0.0-beta3) lets an enrolled agent crash the manager's inventory synchronization module by sending a verifier-valid FlatBuffer DataValue message that omits the optional id field, triggering a null pointer dereference (CWE-476). Exploitation requires only a valid enrolled agent (PR:L) over the network with no user interaction; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is availability-only - no data confidentiality or integrity loss - but it can repeatedly take down central inventory sync, blinding a security monitoring deployment. HIGH 7.1 0.3% 36
CVE-2026-28221 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-bas MEDIUM 6.5 0.1% 33
CVE-2026-26206 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's ser MEDIUM 6.5 0.0% 33
CVE-2026-41499 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple he MEDIUM 6.5 0.0% 33
CVE-2026-26204 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-base MEDIUM 4.4 0.0% 22

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy