CVE-2026-30893 - Vulnerability Analysis
Critical | CVSS: 9.0 | Last Updated: April 29, 2026
Wazuh - Path Traversal & Remote Code Execution
Published: April 29, 2026 | Updated: April 29, 2026 | Remote Exploitable
Overview
Wazuh versions 4.4.0 to <4.14.4 contain a path traversal caused by improper validation in cluster synchronization extraction. It lets authenticated cluster peers write arbitrary files and escalate to code execution. Exploitation requires authenticated cluster peer access.
Severity & Score
Severity: Critical
CVSS Score: 9.0
Impact
Authenticated cluster peers can write arbitrary files and execute code, potentially leading to full system compromise if the daemon runs with elevated privileges.
Mitigation
Upgrade to version 4.14.4 or later.
Details
- CVE ID: CVE-2026-30893
- Severity: Critical
- CVSS Score: 9.0
- Type: path_traversal
- Status: new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H