Description
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service on authentication daemon
Action: Patch
AI Analysis

Impact

Wazuh authd contains a heap‑buffer overflow that occurs when it processes specially crafted input, leading to corruption of heap memory and malformed heap data. The result is a crash or unresponsiveness of the authentication daemon, which manifests as a denial of service that interrupts authentication services. This weakness is classified as CWE‑125.

Affected Systems

The vulnerability affects the wazuh-authd service in the Wazuh security platform. All versions that include the unpatched code are vulnerable until a fix is released. Users of the Wazuh platform hosting the authentication daemon should verify whether their deployment runs the affected code base and check for a patched release.

Risk and Exploitability

The CVSS score of 5.3 classifies the issue as moderate severity; EPSS data is not available, and it is not listed in the CISA KEV catalog, so the likelihood of exploitation remains uncertain. The likely attack vector is remote attackers sending malicious payloads through the authentication interface, which can trigger memory corruption and force the daemon to crash, reducing availability. Because the vulnerability does not appear to require local or privileged access, it potentially affects any system reachable over the network to the authentication service.

Generated by OpenCVE AI on March 27, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wazuh to the latest release that includes the authd buffer overflow fix, as noted in vendor advisories.
  • If a patched release is not yet available, restart the wazuh-authd service periodically to recover from crashes and restore availability until a fix is issued.
  • Restrict network access to the authentication daemon using firewalls or ACLs to allow only trusted IPs or ranges.
  • Monitor wazuh-authd logs and system uptime to detect unexpected crashes or restarts, and alert administrators when a crash occurs.

Generated by OpenCVE AI on March 27, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Title Heap buffer overflow in wazuh-authd Wazuh authd service (os_auth) Heap-based Buffer Overflow
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

Fri, 27 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Title Heap buffer overflow in wazuh-authd
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T19:41:30.868Z

Reserved: 2026-03-27T15:51:18.381Z

Link: CVE-2023-7340

cve-icon Vulnrichment

Updated: 2026-03-27T16:55:49.928Z

cve-icon NVD

Status : Received

Published: 2026-03-27T16:16:20.427

Modified: 2026-03-27T16:16:20.427

Link: CVE-2023-7340

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:28:15Z

Weaknesses