wazuh, inc

Top products

The 15 most recently published vulnerabilities affecting wazuh, inc.

• CVE-2026-41499Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()6.5Apr 29, 2026
• CVE-2026-30893Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer9.0Apr 29, 2026
• CVE-2026-28221Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_646.5Apr 29, 2026
• CVE-2026-26206Wazuh: API brute-force protection bypass via race condition in login attempt tracking6.5Apr 29, 2026
• CVE-2026-26204Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData4.4Apr 29, 2026
• CVE-2025-15612Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE4.8Mar 27, 2026
• CVE-2026-25790Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser4.9Mar 17, 2026
• CVE-2026-25772Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow4.9Mar 17, 2026
• CVE-2026-25771Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware5.3Mar 17, 2026
• CVE-2026-25770Wazuh has Privilege Escalation to Root via Cluster Protocol File Write9.1Mar 17, 2026
• CVE-2026-25769Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization9.1Mar 17, 2026
• CVE-2025-64169Wazuh NULL pointer dereference in fim_alert line 6664.9Nov 21, 2025
• CVE-2025-54866Wazuh installation fails to protected authd.pass on Windows5.5Nov 21, 2025
• CVE-2025-30201Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities7.7Nov 21, 2025
• CVE-2025-64483Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint6.3Nov 21, 2025