Home / Vulnerability Intelligence / CVE-2026-25771

CVE-2026-25771 - Vulnerability Analysis

MediumCVSS: 5.3

Last Updated: March 19, 2026

Wazuh - Denial of Service

Published: March 17, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable

Overview

Wazuh 4.3.0 to <4.14.3 contains a denial of service caused by blocking disk I/O in API authentication middleware, letting unauthenticated remote attackers exhaust CPU resources by flooding invalid Bearer token requests.

Severity & Score

Severity: Medium

CVSS Score: 5.3

Impact

Unauthenticated attackers can cause service disruption by exhausting CPU resources, preventing legitimate API connections.

Mitigation

Upgrade to version 4.14.3 or later.

References

https://github.com/wazuh/wazuh/security/advisories/GHSA-33w3-p5hm-jw7g

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-25771
Severity: Medium
CVSS Score: 5.3
Type: denial_of_service
Status: confirmed

CWE

CWE-400

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L