Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Published: 2026-03-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via TLS renegotiation
Action: Upgrade Now
AI Analysis

Impact

Wazuh Manager authd service accepts client‑initiated TLS/SSL renegotiation requests without enforcing limits. An attacker can repeatedly trigger renegotiation, causing the service to consume excessive CPU and become unavailable, effectively denying service to legitimate users.

Affected Systems

This vulnerability affects the Wazuh Manager product from the Wazuh vendor, specifically all installations running version 4.7.3 or earlier.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate to high severity, and the EPSS score of less than 1% suggests a low likelihood of widespread exploitation, though the vulnerability is not listed in CISA’s KEV catalog. Attackers likely need remote network access to the authd service to send repeated renegotiation requests; no local privilege escalation or sensitive data exposure is reported.

Generated by OpenCVE AI on March 31, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wazuh Manager to a version newer than 4.7.3.
  • Monitor authd service logs for abnormal TLS renegotiation activity to detect attempted exploitation.

Generated by OpenCVE AI on March 31, 2026 at 19:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh wazuh
CPEs cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
Vendors & Products Wazuh wazuh

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh
Wazuh wazuh-manager
Vendors & Products Wazuh
Wazuh wazuh-manager

Fri, 27 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Title SSL/TLS Renegotiation DoS in Wazuh Manager authd service
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}

Subscriptions

Wazuh Wazuh Wazuh-manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T12:10:54.148Z

Reserved: 2026-03-17T11:31:56.956Z

Link: CVE-2026-32983

cve-icon Vulnrichment

Updated: 2026-03-30T12:10:50.952Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T16:16:24.297

Modified: 2026-03-31T18:29:52.390

Link: CVE-2026-32983

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:01:08Z

Weaknesses