CVE-2026-25790 - Vulnerability Analysis
Severity: Medium | CVSS: 4.9 | Last Updated: March 19, 2026
Wazuh - Buffer Overflow
Published: March 17, 2026 | Updated: March 19, 2026 | PoC Available | Remote Exploitable
Overview
Wazuh >= 3.9.0 and < 4.14.3 contains a stack-based buffer overflow in the Security Configuration Assessment (SCA) decoder: a numeric field is formatted with an unbounded sprintf using the %lf conversion into a fixed 128-byte stack buffer. %lf writes every digit of the value's integer part followed by six fractional digits, so a sufficiently large number in a crafted JSON event expands to well over 128 bytes and overruns the buffer, letting remote attackers cause a denial of service or potentially achieve remote code execution on the manager.
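The following is an added example, not Wazuh's source code: a hypothetical stand-in for the decoder path the advisory describes, showing why sprintf("%lf") into a 128-byte buffer is unsafe and what the bounded replacement looks like. The function names (vulnerable_format, format_bounded, decode_value_field) and the sample values are constructed for illustration.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 128  /* the fixed buffer size the advisory describes */

/* Vulnerable pattern (do NOT use): sprintf has no knowledge that the
 * destination is BUF_LEN bytes. "%lf" emits every digit of the integer part
 * plus ".dddddd", so a double such as 1e300 produces about 308 bytes and
 * overruns the stack buffer. Hypothetical stand-in, not Wazuh's code. */
void vulnerable_format(char buf[BUF_LEN], double v) {
    sprintf(buf, "%lf", v);  /* overflows once v has more than ~120 integer digits */
}

/* Number of bytes (excluding the NUL) that "%lf" produces for v. */
size_t lf_formatted_len(double v) {
    int n = snprintf(NULL, 0, "%lf", v);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if "%lf" of v fits in a BUF_LEN-byte buffer including the NUL, else 0. */
int fits_in_buffer(double v) {
    return lf_formatted_len(v) + 1 <= BUF_LEN;
}

/* Hardened form: bounded write plus an explicit truncation check.
 * Returns 1 on success; 0 (and an empty string) if the value would not fit,
 * so the caller can reject the event instead of silently truncating. */
int format_bounded(char *out, size_t out_len, double v) {
    int n = snprintf(out, out_len, "%lf", v);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0) out[0] = '\0';
        return 0;
    }
    return 1;
}

/* Parse the numeric text of a JSON field (as a decoder would after tokenising)
 * and format it safely. Rejects non-numeric text and non-finite values, such as
 * the infinity strtod returns for "1e400". */
int decode_value_field(const char *number_text, char *out, size_t out_len) {
    char *end = NULL;
    double v = strtod(number_text, &end);
    if (end == number_text || *end != '\0' || !isfinite(v)) {
        if (out_len > 0) out[0] = '\0';
        return 0;
    }
    return format_bounded(out, out_len, v);
}

int main(void) {
    /* Constructed sample values standing in for the numeric field of an event. */
    const char *benign  = "42.5";
    const char *hostile = "1e300";
    char buf[BUF_LEN];

    printf("%-6s -> %3zu bytes with %%lf, fits in %d: %s\n", benign,
           lf_formatted_len(strtod(benign, NULL)), BUF_LEN,
           fits_in_buffer(strtod(benign, NULL)) ? "yes" : "NO");
    printf("%-6s -> %3zu bytes with %%lf, fits in %d: %s\n", hostile,
           lf_formatted_len(strtod(hostile, NULL)), BUF_LEN,
           fits_in_buffer(strtod(hostile, NULL)) ? "yes" : "NO");

    vulnerable_format(buf, strtod(benign, NULL));  /* safe only because the value is small */
    printf("vulnerable_format(benign) = \"%s\"\n", buf);

    printf("decode_value_field(benign)  = %d, \"%s\"\n",
           decode_value_field(benign, buf, sizeof buf), buf);
    printf("decode_value_field(hostile) = %d (rejected, nothing written)\n",
           decode_value_field(hostile, buf, sizeof buf));
    return 0;
}
```

The point of lf_formatted_len is the check a reviewer would run on any %lf/%f format: the output length is bounded by the magnitude of the value, not by the type, so the only safe fixes are a size-bounded write whose return value is checked (as format_bounded does) or a conversion such as %g whose width is bounded by precision.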
Severity & Score
Severity: Medium
CVSS Score: 4.9
Impact
An attacker able to deliver crafted JSON events to the Wazuh manager's analysis pipeline can crash the manager (denial of service) or, given the stack-based nature of the overflow, potentially execute arbitrary code on it. Note that the CVSS 3.1 vector on this page (PR:H, C:N/I:N/A:H) scores only an availability impact that requires high privileges; the remote code execution outcome described in the overview is not reflected in the 4.9 score, so treat that number as a floor where untrusted inputs can reach the decoder.
Mitigation
Upgrade Wazuh to version 4.14.3 or later (affected: >= 3.9.0 and < 4.14.3).
Details
- CVE ID: CVE-2026-25790
- Severity: Medium
- CVSS Score: 4.9
- Type: buffer_overflow
- Status: confirmed
CWE
- CWE-121 (Stack-based Buffer Overflow)
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: None; Availability: High)