
CVE-2026-25769: Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

CVSS 9.1 · Critical | EPSS 0.44% · P63

I. Basic Information for CVE-2026-25769

Vulnerability Information


Vulnerability Title
Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Deserialization of Untrusted Data
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wazuh Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
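Wazuh is an open-source application from Wazuh. It is used to collect, aggregate, index, and analyze security data, helping organizations detect intrusions, threats, and behavioral anomalies. Wazuh versions 4.0.0 through 4.14.2 contain a security vulnerability that stems from deserialization of untrusted data and may lead to remote code execution.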
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)


Affected Products

| Vendor | Product | Affected Versions | CPE |
|--------|---------|-------------------|-----|
| wazuh | wazuh | >= 4.0.0, < 4.14.3 | - |

II. Public POCs for CVE-2026-25769


No public POC found.


III. Intelligence Information for CVE-2026-25769


Same Patch Batch · wazuh · 2026-03-17 · 5 CVEs total

CVE-2026-25770 · 9.1 CRITICAL · Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
CVE-2026-25771 · 5.3 MEDIUM · Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authent
CVE-2026-25772 · 4.9 MEDIUM · Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Inte
CVE-2026-25790 · 4.9 MEDIUM · Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser
