CVE-2026-25772 - Vulnerability Analysis
MediumCVSS: 4.9Last Updated: March 19, 2026
Wazuh - Buffer Overflow
Published: March 17, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable
Overview
Wazuh 4.4.0 to <4.14.3 contains a stack-based buffer overflow caused by integer underflow in SQL query buffer size calculation in wdb_delta_event.c, letting attackers cause denial of service or remote code execution, exploit requires crafted database synchronization payload exceeding buffer size.
Severity & Score
Severity: Medium
CVSS Score: 4.9
Impact
Attackers can cause denial of service or execute code remotely by exploiting buffer overflow in database synchronization.
Mitigation
Update to version 4.14.3 or later.
Related Resources
Details
- CVE ID
- CVE-2026-25772
- Severity
- Medium
- CVSS Score
- 4.9
- Type
- buffer_overflow
- Status
- confirmed
CWE
- CWE-121
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H