8 matches found
CVE-2026-30893
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...
CVE-2026-30893 Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...
CVE-2026-25770
Affected software : Wazuh Manager (cluster synchronization protocol). Vulnerability details : In versions 3.9.0 up to just before 4.14.3, authenticated nodes can abuse the cluster protocol to write arbitrary files on the manager filesystem as the wazuh user. The insecure permissions let the wazuh...
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...
CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...
CVE-2026-25769
CVE-2026-25769 affects Wazuh versions 4.0.0–4.14.2 and is exploitable via Remote Code Execution due to Deserialization of Untrusted Data. In deployments using cluster mode (master/worker), a compromised worker node can achieve full RCE on the master with root privileges. The issue is fixed in ver...
PT-2026-25923
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...
Exploit for Deserialization of Untrusted Data in Wazuh
CVE-2026-25769 - Remote Code Execution via Insecure Deserializ...