LeakyCreds

CVE-2026-25770 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: March 17, 2026

Wazuh - Privilege Escalation

Published: March 17, 2026 | Updated: March 17, 2026 | Remote Exploitable

Overview

Wazuh versions 3.9.0 up to, but not including, 4.14.3 contain a privilege escalation vulnerability caused by an insecure cluster synchronization protocol. Authenticated nodes can write arbitrary files and inject commands into ossec.conf, letting attackers with cluster credentials achieve remote code execution as root.

Severity & Score

Severity: Critical
CVSS Score: 9.1

Impact

Attackers with cluster credentials can execute arbitrary code as root, leading to full system compromise.

Mitigation

Upgrade to version 4.14.3 or later.

Details

CVE ID: CVE-2026-25770
Severity: Critical
CVSS Score: 9.1
Type: privilege_escalation
Status: new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H