CVE-2026-25769
Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
| CWE | CWE-502 |
| Vendor | wazuh |
| Product | wazuh |
| Published | Mar 17, 2026 |
| Last Updated | Mar 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for wazuh wazuh
Be the first to know when new critical vulnerabilities affecting wazuh wazuh are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
wazuh / wazuh
>= 4.0.0, < 4.14.3