Description
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.
Published: 2026-03-27
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: Remote Code Execution via MITM on Build Infrastructure
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises when curl is invoked with the -k/--insecure flag in provisioning scripts and Dockerfiles. The flag disables certificate verification only: the connection is still encrypted, but curl no longer checks that the server's certificate chains to a trusted CA or matches the requested hostname, so any party that can route the build host's traffic (not merely observe it) can present its own certificate and impersonate the download server. Such an attacker can substitute the dependencies or code fetched during the build; whatever the build then executes, compiles or packages carries the attacker's payload, leading to remote code execution on the build host and a supply chain compromise of the artifacts it produces.

Affected Systems

Wazuh provisioning scripts and Dockerfiles used in the Agent Build Environment are affected. No specific version information is available; the issue exists whenever the insecure curl usage is present.

Risk and Exploitability

The CVSS 4.0 base score of 6.3 (vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N; the CVSS 3.1 score is 4.8) indicates moderate severity: the attack is network-reachable and needs no privileges or user interaction, but attack complexity is rated high because the attacker must already be positioned to intercept the build host's outbound HTTPS traffic (a compromised network path, rogue proxy or poisoned name resolution). No EPSS score is available, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Note that the vector rates confidentiality and integrity impact as low even though the description reaches remote code execution; the consequence is bounded by what the build does with the fetched artifact, and code that is fetched and executed, or compiled into agents that are then deployed, turns one tampered download into a compromise of every agent built from it. The overall risk is therefore moderate to high, depending on how exposed the build infrastructure's network path is.

Generated by OpenCVE AI on March 27, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Remove the -k/--insecure flag from all curl commands in provisioning scripts and Dockerfiles.
  • Enforce SSL/TLS certificate validation by keeping curl's default behavior or, for servers that use a private CA, by supplying that CA bundle (for example with --cacert) rather than disabling validation.
  • Validate the integrity of downloaded dependencies using checksums or signature verification.
  • Review build artifacts for unexpected changes and perform regular integrity checks.
  • Keep provisioning scripts and Dockerfiles up to date with vendor updates that address the issue.
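
The following is an added example, not code from Wazuh, the CVE record or OpenCVE. It covers both the mechanism described under Impact and the recommended actions above: a POSIX shell audit that flags curl invocations using -k/--insecure in a script or Dockerfile (including -k folded into a combined short-flag group such as -sSLk and multi-line RUN steps joined with backslashes), a hardened fetch function that keeps certificate validation on, forces HTTPS and pins a SHA-256 checksum, and a checksum verifier that discards a mismatching artifact. The Dockerfile content, example.com URLs and paths are constructed for the demonstration; the only real hash used is the well-known SHA-256 of an empty input.

```shell
#!/bin/sh
# Added example (not Wazuh's or OpenCVE's code): audit a build script for curl
# invocations that disable certificate validation, and fetch/verify a
# dependency the way the recommended actions describe. All URLs, paths and
# file contents below are constructed for illustration.

# Match "-k" (alone or inside a combined short-flag group such as -sSLk) or
# "--insecure" anywhere in the same curl command. The leading [[:space:]]
# keeps "-k" inside URLs or file names (e.g. foo-kit.tar.gz) from matching,
# and the lowercase k leaves -K (a config file) alone.
INSECURE_CURL_RE='curl[^|;&]*[[:space:]](-[a-zA-Z]*k[a-zA-Z]*|--insecure)([[:space:]=]|$)'

# Print each curl command that disables certificate validation. Backslash
# continuations are joined first so a multi-line RUN step is scanned as one
# command; printed lines are therefore the joined form, not source lines.
find_insecure_curl() {
    sed -e ':a' -e '/\\$/N; s/\\\n//; ta' "$1" | grep -E "$INSECURE_CURL_RE"
}

# Number of offending commands in a file (prints 0 when clean).
count_insecure_curl() {
    find_insecure_curl "$1" | grep -c .
}

# Exit status 1 (findings on stderr) if a file contains any, else 0.
audit_insecure_curl() {
    audit_hits=$(find_insecure_curl "$1" || true)
    if [ -n "$audit_hits" ]; then
        printf '%s: curl invoked without certificate validation:\n%s\n' "$1" "$audit_hits" >&2
        return 1
    fi
    return 0
}

# SHA-256 of a file; coreutils sha256sum, falling back to shasum (macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a downloaded file against a pinned hash and delete it on mismatch so
# a tampered artifact is never left behind for a later build step to execute.
verify_sha256() {
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        printf 'checksum mismatch for %s: expected %s, got %s\n' "$1" "$2" "$actual" >&2
        rm -f "$1"
        return 1
    fi
    return 0
}

# Hardened replacement for "curl -k URL -o FILE": certificate validation stays
# on (curl's default), the transport is forced to HTTPS even across redirects,
# and the file is accepted only if it matches the hash pinned in the script.
# For a server with a private CA add --cacert /path/to/ca.pem instead of -k.
# Needs network access, so it is defined but not called in the demo below.
fetch_verified() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 --retry 3 \
         --output "$3" "$1" || return 1
    verify_sha256 "$3" "$2"
}

# --- Demonstration on constructed input ---------------------------------------
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
SAMPLE_DOCKERFILE="$WORKDIR/Dockerfile"

# Constructed Dockerfile: two insecure fetches, one hardened fetch, and one
# use of -K (a config file, not -k) that must not be flagged.
cat >"$SAMPLE_DOCKERFILE" <<'EOF'
FROM ubuntu:22.04
RUN curl -sSLk https://example.com/build-deps.tar.gz -o /tmp/deps.tar.gz
RUN curl --insecure -o /tmp/tool.sh https://example.com/tool.sh \
    && sh /tmp/tool.sh
RUN curl -fsSL --proto '=https' --tlsv1.2 https://example.com/ok.tar.gz -o /tmp/ok.tar.gz
RUN curl -K /etc/curl-build.rc https://example.com/cfg
EOF

if audit_insecure_curl "$SAMPLE_DOCKERFILE"; then
    echo "no insecure curl usage found"
else
    echo "found $(count_insecure_curl "$SAMPLE_DOCKERFILE") insecure curl command(s)"
fi

# Checksum check on a constructed artifact: an empty file, whose SHA-256 is the
# well-known e3b0c442...b855 value. A wrong hash is rejected and the file removed.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
: >"$WORKDIR/artifact.bin"
verify_sha256 "$WORKDIR/artifact.bin" "$EMPTY_SHA256" && echo "artifact checksum OK"
```

Run the audit over every provisioning script and Dockerfile in the repository (for example from a pre-commit hook or CI step) and fail the build on a non-zero exit status; the regular expression is deliberately line-oriented and will not see a -k that is assembled at runtime from a variable, so it complements, rather than replaces, a review of how the scripts build their curl command lines.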

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:00:00 +0000

Type: Title
  • Values removed: Various uses of curl without verifying the authenticity of the SSL certificate, leading to MITM-RCE in build infrastructure
  • Values added: Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Fri, 27 Mar 2026 18:45:00 +0000

Type: Description
  • Values added: Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Type: Title
  • Values added: Various uses of curl without verifying the authenticity of the SSL certificate, leading to MITM-RCE in build infrastructure

Type: Weaknesses
  • Values added: CWE-295, CWE-829

Type: References
  • Values added: none

Type: Metrics
  • Values added: cvssV3_1 score 4.8, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Values added: cvssV4_0 score 6.3, vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T19:48:43.866Z

Reserved: 2026-03-20T16:24:45.413Z

Link: CVE-2025-15612

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-27T19:16:41.690

Modified: 2026-03-27T19:16:41.690

Link: CVE-2025-15612

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:27:49Z

Weaknesses