wazuh
Products: Wazuh (GitHub Actions) · Wazuh Agent · Wazuh Provisioning Scripts (Agent Build Environment) · wazuh · wazuh-agent · wazuh-dashboard-plugins · wazuh-manager
Score: 26.4 · CVEs: 27 · Active: 1 · PoC: 26 · KEV: 1 · Rank: #96
| CVE ID | Published | CVSS (score, version) | Exploit | KEV | AC | PR | Auto | Score | Affected Products | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-26206 | 2026-04-29 | 6.5v3.1 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the config |
| CVE-2026-28221 | 2026-04-29 | 6.5v3.1 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf |
| CVE-2026-30893 | 2026-04-29 | 9.0v3.1 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the in |
| CVE-2026-41499 | 2026-04-29 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents |
| CVE-2025-15612 | 2026-03-27 | 6.3v4.0 | POC | — | High | None | no | 0.0 | Wazuh Provisioning Scripts (Agent Build Environment) | Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or c |
| CVE-2025-15615 | 2026-03-27 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | wazuh-manager | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack o |
| CVE-2025-15616 | 2026-03-27 | 7.1v4.0 | POC | — | Low | High | no | 0.0 | wazuh-agent, wazuh-manager | Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR scri |
| CVE-2025-15617 | 2026-03-27 | 8.3v4.0 | POC | — | High | None | no | 0.0 | Wazuh (GitHub Actions) | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits o |
| CVE-2026-25769 | 2026-03-17 | 9.1v3.1 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organi |
| CVE-2026-25770 | 2026-03-17 | 9.1v3.1 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated |
| CVE-2026-25771 | 2026-03-17 | 5.3v3.1 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous even |
| CVE-2026-25772 | 2026-03-17 | 4.9v3.1 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic |
| CVE-2026-25790 | 2026-03-17 | 4.9v3.1 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a flo |
| CVE-2025-30201 | 2025-11-21 | 7.7v3.1 | POC | — | High | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading N |
| CVE-2025-64169 | 2025-11-21 | 5.1v4.0 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a spe |
| CVE-2025-64483 | 2025-11-21 | 5.3v4.0 | POC | — | Low | Low | no | 0.0 | wazuh-dashboard-plugins | Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configurat |
| CVE-2025-62787 | 2025-10-29 | 2.1v4.0 | POC | — | Low | High | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when child_attr[p]->attributes[j] is accessed, because the corresponding index (j) is incorrect. A compromised agent can cause a READ operation b |
| CVE-2025-62788 | 2025-10-29 | 6.3v4.0 | POC | — | Low | None | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by s |
| CVE-2025-62789 | 2025-10-29 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a s |
| CVE-2025-62790 | 2025-10-29 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a |
| CVE-2025-62791 | 2025-10-29 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd |
| CVE-2025-62792 | 2025-10-29 | 6.9v4.0 | POC | — | Low | None | YES | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_Cle |
| CVE-2025-59938 | 2025-09-27 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version |
| CVE-2024-1243 | 2025-06-11 | 9.5v4.0 | POC | — | High | None | no | 0.0 | Wazuh Agent | Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for re |
| CVE-2025-24016 | 2025-02-10 | 9.9v3.1 | ACTIVE | YES | Low | Low | no | 26.4 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deseri |
| CVE-2023-49275 | 2024-04-19 | 6.5v3.1 | POC | — | Low | Low | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the |
| CVE-2023-50260 | 2024-04-19 | 8.8v3.1 | POC | — | Low | Low | no | 0.0 | wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows writing any string to the `hosts.deny` file, which can end in arbitrary command execution on the target system. This vulnerability is part of the acti |
Each CVE: 10 pts base (Active only), boosted by:
KEV ×2.0 · AC: Low ×1.2 · PR: None ×1.3 · PR: Low ×1.1 · Auto ×1.3