CRITICAL🇵🇱 Wersja polska

CVE-2026-30893

CVSS 9.0v3.1pub. 2026-04-29upd. 2026-04-30

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
  • Wazuh

    APP
    Wazuh
    4.4.0 – 4.14.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2025-24016CRITICAL9.9⚠ KEVPL ✓ten sam produkt

Wazuh: RCE przez niebezpieczną deserializację w DistributedAPI

CVE-2026-25770CRITICAL9.1PL ✓ten sam produkt

Wazuh: privilege escalation do root przez cluster protocol (RCE)

CVE-2026-25769CRITICAL9.1PL ✓ten sam produkt

RCE przez Deserialization w Wazuh — podatność klastra master/worker

CVE-2024-1243CRITICAL9.5PL ✓ten sam produkt

Wazuh Agent (Windows): wyciek hash NetNTLMv2 umożliwiający RCE i privilege escalation

CVE-2024-32038CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Wazuh Manager przy obsłudze znaków Unicode z Windows Eventchannel