CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-32984 – Heap buffer overflow in wazuh-authd
https://notcve.org/view.php?id=CVE-2026-32984
27 Mar 2026 — Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon. • https://github.com/advisories/GHSA-grjq-p5fg-m24r • CWE-125: Out-of-bounds Read •
CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25790 – Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
https://notcve.org/view.php?id=CVE-2026-25790
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a floating-point (`%lf`) format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash... • https://github.com/wazuh/wazuh/security/advisories/GHSA-cf24-hq8x-5jx2 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25772 – Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow
https://notcve.org/view.php?id=CVE-2026-25772
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exce... • https://github.com/wazuh/wazuh/security/advisories/GHSA-h7vp-j34v-h6j5 • CWE-121: Stack-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25771 – Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware
https://notcve.org/view.php?id=CVE-2026-25771
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous event loop (Starlette/Asyncio) to call a synchronous function (`generate_keypair`) that performs blocking disk I/O on every request containing a Bearer token. An unauthenticated remote attacker can exploit this by fl... • https://github.com/wazuh/wazuh/security/advisories/GHSA-33w3-p5hm-jw7g • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25770 – Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
https://notcve.org/view.php?id=CVE-2026-25770
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated nodes to write arbitrary files to the manager’s file system with the permissions of the `wazuh` system user. Due to insecure default permissions, the `wazuh` user has write access to the manager's main configurat... • https://github.com/wazuh/wazuh/security/advisories/GHSA-r4f7-v3p6-79jm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-25769 – Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
https://notcve.org/view.php?id=CVE-2026-25769
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on... • https://drive.google.com/drive/folders/1WlkKNmHexz8212OVED9O6M_3pI8b6qNI?usp=sharing • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-64169 – Wazuh NULL pointer dereference in fim_alert line 666
https://notcve.org/view.php?id=CVE-2025-64169
21 Nov 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, the fim_alert() implementation does not check whether oldsum->md5 is NULL before dereferencing it. A compromised agent can crash analysisd by sending a specially crafted message to the Wazuh manager. This issue has been patched in version 4.12.0. • https://github.com/wazuh/wazuh/security/advisories/GHSA-hc35-h924-8596 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54866 – Wazuh installation fails to protect authd.pass on Windows
https://notcve.org/view.php?id=CVE-2025-54866
21 Nov 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0. • https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143 • CWE-276: Incorrect Default Permissions •
CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-30201 – Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities
https://notcve.org/view.php?id=CVE-2025-30201
21 Nov 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading to NTLM relay attacks that would result in privilege escalation and remote code execution. This issue has been patched in version 4.13.0. • https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a • CWE-73: External Control of File Name or Path CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-64483 – Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint
https://notcve.org/view.php?id=CVE-2025-64483
21 Nov 2025 — Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0. • https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj • CWE-284: Improper Access Control •
