Description
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of the authentication daemon.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Heap buffer overflow in the Wazuh authentication daemon (authd) allows attackers to send specially crafted input that corrupts heap memory and introduces malformed heap data, triggering a denial of service condition. The vulnerability, identified as CWE‑125, results in low impact on the availability of the authentication daemon.

Affected Systems

The issue affects all current Wazuh deployments, with the vulnerability known to exist in version 4.3.10 and earlier. Any system running the authd component is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1 % shows that the likelihood of public exploitation is low at this time and the vulnerability is not listed in the CISA KEV catalogue. The likely attack vector is remote, via network traffic that reaches the authd daemon, requiring the attacker to send malformed packets that trigger the buffer overflow.

Generated by OpenCVE AI on May 26, 2026 at 14:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Wazuh release that contains a patch for the authd component.
  • If no patch is available, restrict network access to the authd service to trusted hosts only.
  • Restart the authd daemon and monitor logs for abnormal crashes or inconsistent behavior.
  • Contact Wazuh support for further guidance if the issue persists.

Generated by OpenCVE AI on May 26, 2026 at 14:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon. Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of the authentication daemon.

Tue, 31 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
cpe:2.3:a:wazuh:wazuh:4.3.10:*:*:*:*:*:*:*

Tue, 31 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh
Wazuh wazuh
Vendors & Products Wazuh
Wazuh wazuh

Fri, 27 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Title Heap buffer overflow in wazuh-authd
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Wazuh Wazuh
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:52:12.714Z

Reserved: 2026-03-17T11:31:56.956Z

Link: CVE-2026-32984

cve-icon Vulnrichment

Updated: 2026-03-31T15:08:50.976Z

cve-icon NVD

Status : Modified

Published: 2026-03-27T16:16:24.500

Modified: 2026-05-26T14:16:33.737

Link: CVE-2026-32984

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T15:00:10Z

Weaknesses