CVE-2026-25772

MEDIUM 4.9

Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow

CVSS Score

4.9

EPSS Score

0.0%

EPSS Percentile

0th

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue.

CWE	CWE-121 CWE-191
Vendor	wazuh
Product	wazuh
Published	Mar 17, 2026
Last Updated	Mar 17, 2026

Stay Ahead of the Next One

Get instant alerts for wazuh wazuh

Be the first to know when new medium vulnerabilities affecting wazuh wazuh are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

wazuh / wazuh

>= 4.4.0, < 4.14.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wazuh/wazuh/security/advisories/GHSA-h7vp-j34v-h6j5