Description
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch ASAP
AI Analysis

Impact

Wazuh authd contains a heap-buffer overflow that allows attackers to corrupt memory and produce malformed heap data. This vulnerability gives adversaries the ability to trigger a denial-of-service condition, terminating the authentication daemon and causing a temporary loss of availability.

Affected Systems

The affected product is Wazuh, a security monitoring and IDS platform. The vulnerability exists in the authentication daemon (authd) of Wazuh versions 4.3.10 and earlier, as indicated by the associated CPE entries. Administrators should confirm whether their deployment uses those affected releases.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to send specially crafted input to the authd service, likely over the network interface that agents use to authenticate. Given that the issue leads only to service crashes and not privilege escalation, the overall risk is limited to short‑lived denial of service.

Generated by OpenCVE AI on March 31, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wazuh to the latest release that resolves CVE‑2023‑7340 (for example, version 4.3.11 or later).
  • If an upgrade is temporarily infeasible, restrict network access to the authd service by firewalling or disabling unused agent‑connection interfaces until the patch is applied.
  • Monitor authd logs for abrupt process restarts or out‑of‑memory kills that could indicate exploitation attempts.
  • Validate service stability after any changes by testing authentication flows to ensure no denial of service incidents occur.

Generated by OpenCVE AI on March 31, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
cpe:2.3:a:wazuh:wazuh:4.3.10:*:*:*:*:*:*:*

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh
Wazuh wazuh
Vendors & Products Wazuh
Wazuh wazuh

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Title Heap buffer overflow in wazuh-authd Wazuh authd service (os_auth) Heap-based Buffer Overflow
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

Fri, 27 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Title Heap buffer overflow in wazuh-authd
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Wazuh Wazuh
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T19:41:30.868Z

Reserved: 2026-03-27T15:51:18.381Z

Link: CVE-2023-7340

cve-icon Vulnrichment

Updated: 2026-03-27T16:55:49.928Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T16:16:20.427

Modified: 2026-03-31T18:31:47.710

Link: CVE-2023-7340

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:01:07Z

Weaknesses