Exploit for Deserialization of Untrusted Data in Wazuh

🚨 CVE-2026-25769 - Wazuh Insecure Deserialization RCE !Sev...

Wazuh 4.14.2 Code Execution / Insecure Deserialization

A critical vulnerability in Wazuh cluster mode allows an attacker with access to a worker node to send malicious serialized payloads that are processed by the master node, resulting in remote code execution with root privileges. Versions 4.0.0 through 4.14.2 are affected...

Haraka affected by DoS via `__proto__` email header

Summary Sending an email with proto: as a header name crashes the Haraka worker process. Details The header parser at nodemodules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript addheaderkey, value, method this.headerskey ??= // line 216 this.headerskeymeth...

GHSA-XPH3-R2JF-4VP3 Haraka affected by DoS via `__proto__` email header

Summary Sending an email with proto: as a header name crashes the Haraka worker process. Details The header parser at nodemodules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript addheaderkey, value, method this.headerskey ??= // line 216 this.headerskeymeth...

CVE-2026-25769

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

CVE-2026-25769

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

EUVD-2026-12595

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

CVE-2026-25769

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

PT-2026-25922

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.0.0 through 4.14.2 Description Wazuh is a free and open source platform used for threat prevention, detection, and response. A Remote Code Execution RCE issue exists due to the deserialization of untrusted data within the...

CVE-2023-22946

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

CVE-2021-1234

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...

SUSE CVE-2021-1234

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...

CVE-2024-54676 Apache OpenMeetings: Deserialisation of untrusted data in cluster mode

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted...

CVE-2024-54676

CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...

Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 4

Package name: xms10.16.0.10427.bin For: XenMobile Server 10.16.0 Deployment type: On-premises only Replaces: xms10.16.0.10318.bin, xms10.16.0.10205.bin, xms10.16.0.10108.bin Date: December 2024 Languages supported: English US Important notes about this update As a best practice, Citrix recommends...

Citrix Endpoint Management (aka XenMobile Server) 10.15.0 Rolling Patch 4

Package name: xms10.15.0.10417.bin For: XenMobile Server 10.15.0 Deployment type: On-premises only Replaces: xms10.15.0.10327.bin, xms10.15.0.10220.bin and xms10.15.0.10125.bin Date: September 2023 Languages supported: English US Important notes about this update As a best practice, Citrix...

Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 11

Package name: xms10.14.0.11121.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.11013.bin, xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin, xms10.14.0.10303.bin,...

Improper Privilege Management

spark-core is vulnerable to Improper Privilege Management . The vulnerability exists because the library does not properly disallow arbitrary custom classpaths with the proxy user in cluster mode, which allows an attacker to provide malicious configuration-related classes in the classpath...

GHSA-329J-JFVR-RHR6 Apache Spark vulnerable to Improper Privilege Management

In Apache Spark versions prior to versions 3.4.0 and 3.3.3, applications using spark-submit can specify a proxy-user to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the...

PYSEC-2023-44

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...