LeakyCreds

CVE-2026-25770 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: March 18, 2026

Wazuh - Privilege Escalation

Published: March 17, 2026 | Updated: March 18, 2026 | Remote Exploitable

Overview

Wazuh versions 3.9.0 up to, but not including, 4.14.3 contain a privilege escalation vulnerability caused by an insecure cluster synchronization protocol. An authenticated cluster node can write arbitrary files and inject commands into ossec.conf, which lets an attacker who holds cluster credentials achieve remote code execution as root.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 8.7% (Probability of exploitation in next 30 days)

Impact

Attackers with cluster credentials can execute arbitrary code as root, leading to full system compromise.

Mitigation

Upgrade to version 4.14.3 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 17, 2026

CVE-2026-25770 - Critical (9.1) Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protoco... https://www.thehackerwire.com/vulnerability/CVE-2026-25770/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-25770
Severity: Critical
CVSS Score: 9.1
Type: privilege_escalation
Status: unconfirmed
EPSS: 8.7%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

8.7% (Probability of exploitation in the next 30 days)