Wazuh - Unsafe Deserialization Remote Code Execution

A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

CVE-2026-48710 vulnerabilities

Vulnerabilities for packages: wazuh-manager, tritonserver-backend-vllm-cuda-12.9, wazuh-manager-fips, nemo...

GHSA-86QP-5C8J-P5MR vulnerabilities

Vulnerabilities for packages: wazuh-manager, tritonserver-backend-vllm-cuda-12.9, wazuh-manager-fips, nemo...

📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization

This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...

Wazuh 4.14.2 Security Scanner

This Python script is a non-exploitative security scanner designed to test basic responsiveness and message handling behavior of a Wazuh cluster communication endpoint...

CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

CVE-2026-26204

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVE-2026-30893

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

GHSA-298W-VVM4-WW55 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard, opensearch-dashboards, wazuh-dashboard-fips, opensearch-dashboards-fips...

Wazuh-Deployment-Vulnerability-Monitoring-PoC

🛡️ Wazuh Deployment & Vulnerability Monitoring PoC Overvie...

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

CVE-2026-46625 vulnerabilities

Vulnerabilities for packages: langfuse, saf, langfuse-fips, redisinsight, opensearch-dashboards, wazuh-dashboard-fips, wazuh-dashboard, opensearch-dashboards-fips, kibana...

GHSA-QJX8-664M-686J vulnerabilities

Vulnerabilities for packages: langfuse, saf, langfuse-fips, redisinsight, opensearch-dashboards, wazuh-dashboard-fips, wazuh-dashboard, opensearch-dashboards-fips, kibana...

Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling

Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...

GHSA-62HF-57XW-28J9 vulnerabilities

Vulnerabilities for packages: langfuse, saf, wazuh-dashboard, langfuse-fips, redisinsight, opensearch-dashboards, wazuh-dashboard-fips, lerna, jitsucom-jitsu, prism, kubeflow-centraldashboard, opensearch-dashboards-fips, kibana...

GHSA-PMWG-CVHR-8VH7 vulnerabilities

Vulnerabilities for packages: langfuse, saf, wazuh-dashboard, langfuse-fips, redisinsight, opensearch-dashboards, wazuh-dashboard-fips, lerna, jitsucom-jitsu, prism, kubeflow-centraldashboard, opensearch-dashboards-fips, kibana...

GHSA-VF2M-468P-8V99 vulnerabilities

Vulnerabilities for packages: langfuse, saf, wazuh-dashboard, langfuse-fips, redisinsight, opensearch-dashboards, wazuh-dashboard-fips, lerna, jitsucom-jitsu, prism, kubeflow-centraldashboard, opensearch-dashboards-fips, kibana...