Home / Vulnerability Intelligence / CVE-2026-25769

CVE-2026-25769 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 17, 2026

Wazuh - Remote Code Execution

Published: March 17, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

Wazuh 4.0.0 through 4.14.2 contains a remote code execution caused by deserialization of untrusted data in cluster mode, letting attackers with access to a worker node execute code as root on the master node, exploit requires compromised worker node access.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers with access to a worker node can execute code as root on the master node, leading to full system compromise.

Mitigation

Upgrade to version 4.14.3 or later.

References

https://drive.google.com/drive/folders/1WlkKNmHexz8212OVED9O6M_3pI8b6qNI?usp=sharing
https://github.com/wazuh/wazuh/security/advisories/GHSA-3gm7-962f-fxw5

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-25769
Severity: Critical
CVSS Score: 9.1
Type: insecure_deserialization
Status: new

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H