CVE-2026-33754
Wazuh 3.9.0+ is affected by an unauthenticated DoS in the cluster protocol parser caused by a crafted header with an arbitrarily large payload length. The vulnerability arises because the length is trusted before authentication/decryption and used to allocate memory, leading to memory exhaustion ...