Wazuh Vulnerabilities Allow Critical Remote Attacks
Summary
CERT-Bund has issued a security advisory for Wazuh, detailing multiple vulnerabilities that allow critical remote attacks with a CVSS score of 9.1. The advisory affects Wazuh versions prior to 4.14.3 and impacts UNIX and other operating systems.
What changed
CERT-Bund has released a security advisory (WID-SEC-2026-0771) concerning critical vulnerabilities in Wazuh, a security monitoring platform. These vulnerabilities, with a CVSS Base Score of 9.1, allow attackers to bypass security measures, gain root privileges, execute arbitrary code with root rights, or cause a denial-of-service condition. The advisory specifically impacts Wazuh versions prior to 4.14.3 and affects systems running on UNIX and other operating systems.
Organizations utilizing Wazuh versions prior to 4.14.3 should immediately assess their systems and apply available mitigations. Given the critical nature of these vulnerabilities and the potential for remote exploitation, prompt action is required to prevent security breaches. Affected entities should consult the advisory for specific mitigation steps and consider upgrading to a patched version as soon as possible to avoid potential security incidents and data compromise.
What to do next
- Review Wazuh installations for versions prior to 4.14.3.
- Apply available mitigations as detailed in the CERT-Bund advisory.
- Consider upgrading Wazuh to a patched version to address identified vulnerabilities.
Source document (simplified)
[WID-SEC-2026-0771] Wazuh: Mehrere Schwachstellen ermöglichen CVSS Base Score 9.1 (kritisch) CVSS Temporal Score 8.2 (hoch) Remoteangriff ja Datum 17.03.2026 Stand 18.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
Wazuh ist eine Sicherheitsüberwachungsplattform, die Funktionen wie Intrusion Detection, Log-Analyse und Sicherheitsinformations- und Ereignismanagement (SIEM) bietet.
Produkte
17.03.2026
- Open Source Wazuh <4.14.3
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in Wazuh ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Root-Rechte zu erlangen, beliebigen Code mit Root-Rechten auszuführen oder einen Denial-of-Service-Zustand herbeizuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.