Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wazuh | Wazuh | >= 4.0.0, < 4.14.3 |
Related Weaknesses (CWE)
References
- https://drive.google.com/drive/folders/1WlkKNmHexz8212OVED9O6M_3pI8b6qNI?usp=shaBroken Link
- https://github.com/wazuh/wazuh/security/advisories/GHSA-3gm7-962f-fxw5ExploitVendor Advisory
- https://github.com/wazuh/wazuh/security/advisories/GHSA-3gm7-962f-fxw5ExploitVendor Advisory
FAQ
What is CVE-2026-25769?
CVE-2026-25769 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of U...
How severe is CVE-2026-25769?
CVE-2026-25769 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-25769?
Check the references section above for vendor advisories and patch information. Affected products include: Wazuh Wazuh.