Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Published: 2026-03-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The wazuh-manager authd service accepts client‑initiated SSL/TLS renegotiation without enforcing limits, allowing a remote attacker to flood the service with renegotiation requests. Each request consumes CPU and memory, eventually exhausting resources and causing the authentication daemon to become unavailable. This flaw results in denial of service for all authentication operations that rely on the authd service.

Affected Systems

The vulnerability affects the Wazuh wazuh-manager component, specifically all releases through version 4.7.3. Systems running the 4.7.3 or earlier packages are susceptible; versions newer than 4.7.3 are not listed as impacted.

Risk and Exploitability

The flaw receives a CVSS base score of 6.9, indicating moderate severity. The exploitation probability estimate is below 1%, suggesting a low probability of exploitation, and it is not included in CISA’s KEV catalog. Attackers can exploit the weakness remotely by initiating TLS renegotiation requests over the network. Because the flaw resides in the authentication service, successful exploitation results in a denial of service that affects all users who rely on the wazuh-manager for authentication.

Generated by OpenCVE AI on March 31, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the wazuh-manager package version and upgrade to a fixed release newer than 4.7.3.
  • If an update is not immediately available, reconfigure the authentication service or network devices to disable or restrict client‑initiated TLS renegotiation.
  • Implement firewall rules to limit traffic to the authd service and monitor for sudden increases in CPU usage or connection attempts.
  • Keep the system updated with the latest vendor advisories and apply any published mitigations promptly.

Generated by OpenCVE AI on March 31, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh wazuh
CPEs cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
Vendors & Products Wazuh wazuh

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh
Wazuh wazuh-manager
Vendors & Products Wazuh
Wazuh wazuh-manager

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Title SSL/TLS Renegotiation DoS in Wazuh Manager authd service Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

Fri, 27 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Title SSL/TLS Renegotiation DoS in Wazuh Manager authd service
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}

Subscriptions

Wazuh Wazuh Wazuh-manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T19:43:38.523Z

Reserved: 2026-03-27T16:20:48.688Z

Link: CVE-2025-15615

cve-icon Vulnrichment

Updated: 2026-03-27T17:39:45.592Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T17:16:26.767

Modified: 2026-03-31T18:26:05.670

Link: CVE-2025-15615

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:01:02Z

Weaknesses