Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.14 views

CVE-2026-30893

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

9.9CVSS6AI score0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 5:55 p.m.61 views

CVE-2026-30893 Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

9CVSS0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 6:2 p.m.48 views

CVE-2026-25770

Affected software : Wazuh Manager (cluster synchronization protocol). Vulnerability details : In versions 3.9.0 up to just before 4.14.3, authenticated nodes can abuse the cluster protocol to write arbitrary files on the manager filesystem as the wazuh user. The insecure permissions let the wazuh...

9.1CVSS6AI score0.00969EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 5:41 p.m.2 views

CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

9.1CVSS6AI score0.09246EPSS
Exploits4References2
OSV
OSV
added 2026/03/17 5:41 p.m.5 views

CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

9.1CVSS6.2AI score0.09246EPSS
Exploits4References4
CVE
CVE
added 2026/03/17 5:41 p.m.41 views

CVE-2026-25769

CVE-2026-25769 affects Wazuh versions 4.0.0–4.14.2 and is exploitable via Remote Code Execution due to Deserialization of Untrusted Data. In deployments using cluster mode (master/worker), a compromised worker node can achieve full RCE on the master with root privileges. The issue is fixed in ver...

9.1CVSS6AI score0.09246EPSS
Exploits4References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.12 views

PT-2026-25923

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

9.1CVSS6AI score0.00969EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/02/11 6:29 p.m.119 views

Exploit for Deserialization of Untrusted Data in Wazuh

CVE-2026-25769 - Remote Code Execution via Insecure Deserializ...

9.1CVSS5.9AI score0.09246EPSS
Exploits4
Rows per page
Query Builder