CVE-2026-28221

🗓️ 29 Apr 2026 17:53:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 13 Views🌐 WEB

CVE-2026-28221: pre-auth stack overflow in wazuh-remoted print_hex_string due to signed char promotion; remote via TCP 1514; fixed in 4.14.4.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-28221	29 Apr 202617:53	–	attackerkb
Circl	CVE-2026-28221	30 Apr 202604:07	–	circl
CNNVD	Wazuh 安全漏洞	29 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64	29 Apr 202617:53	–	cvelist
EUVD	EUVD-2026-26270	29 Apr 202617:53	–	euvd
NVD	CVE-2026-28221	29 Apr 202619:16	–	nvd
Positive Technologies	PT-2026-35966	29 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-28221	5 Jun 202619:29	–	redhatcve
Vulnrichment	CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64	29 Apr 202617:53	–	vulnrichment

NVD

Vulners

Node

wazuh wazuhRange4.8.0–4.14.4

[
  {
    "vendor": "wazuh",
    "product": "wazuh",
    "versions": [
      {
        "version": ">= 4.8.0, < 4.14.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/wazuh/wazuh/security/advisories/GHSA-q9vv-7w4c-f4cm
github	www.github.com/wazuh/wazuh/releases/tag/v4.14.4

Parameter	Position	Path	Description	CWE
length prefix	binary	tcp/1514	Remote stack-based buffer overflow in wazuh-remoted via oversized length prefix over TCP/1514, enabling out-of-bounds write and triggering an attacker-controlled hex dump in logs.	CWE-121, CWE-400
payload bytes	binary	tcp/1514	Remote stack-based buffer overflow in wazuh-remoted via oversized length prefix over TCP/1514, enabling out-of-bounds write and triggering an attacker-controlled hex dump in logs.	CWE-121, CWE-400

17 Jun 2026 10:28Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5 - 8.2

EPSS0.00382

SSVC