CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-15617 – Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials
https://notcve.org/view.php?id=CVE-2025-15617
27 Mar 2026 — Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags. • https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-15616 – Wazuh Agent and Manager OS Command Injection and Untrusted Search Path
https://notcve.org/view.php?id=CVE-2025-15616
27 Mar 2026 — Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR script parameters. Attackers can exploit these vulnerabilities by injecting malicious commands through configuration files, SMTP server settings, and custom flags to achieve remote code execution on affected systems. • https://github.com/wazuh/wazuh/security/advisories/GHSA-522v-p59v-58gm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-15615 – Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service
https://notcve.org/view.php?id=CVE-2025-15615
27 Mar 2026 — Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable. • https://github.com/wazuh/wazuh/security/advisories/GHSA-rr83-v9v7-jjhp • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-7340 – Wazuh authd service (os_auth) Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-7340
27 Mar 2026 — Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon. • https://github.com/wazuh/wazuh/security/advisories/GHSA-grjq-p5fg-m24r • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-32983 – SSL/TLS Renegotiation DoS in Wazuh Manager authd service
https://notcve.org/view.php?id=CVE-2026-32983
27 Mar 2026 — Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable. • https://github.com/advisories/GHSA-rr83-v9v7-jjhp • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-32984 – Heap buffer overflow in wazuh-authd
https://notcve.org/view.php?id=CVE-2026-32984
27 Mar 2026 — Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon. • https://github.com/advisories/GHSA-grjq-p5fg-m24r • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25790 – Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
https://notcve.org/view.php?id=CVE-2026-25790
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a floating-point (`%lf`) format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash... • https://github.com/wazuh/wazuh/security/advisories/GHSA-cf24-hq8x-5jx2 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25772 – Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow
https://notcve.org/view.php?id=CVE-2026-25772
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exce... • https://github.com/wazuh/wazuh/security/advisories/GHSA-h7vp-j34v-h6j5 • CWE-121: Stack-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25771 – Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware
https://notcve.org/view.php?id=CVE-2026-25771
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous event loop (Starlette/Asyncio) to call a synchronous function (`generate_keypair`) that performs blocking disk I/O on every request containing a Bearer token. An unauthenticated remote attacker can exploit this by fl... • https://github.com/wazuh/wazuh/security/advisories/GHSA-33w3-p5hm-jw7g • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25770 – Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
https://notcve.org/view.php?id=CVE-2026-25770
17 Mar 2026 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated nodes to write arbitrary files to the manager’s file system with the permissions of the `wazuh` system user. Due to insecure default permissions, the `wazuh` user has write access to the manager's main configurat... • https://github.com/wazuh/wazuh/security/advisories/GHSA-r4f7-v3p6-79jm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •