Description
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service on the Wazuh authentication daemon leading to low availability of the authentication service
Action: Apply Patch
AI Analysis

Impact

Wazuh authd has a heap-buffer overflow that allows attackers to send specially crafted data, corrupting heap memory and creating malformed heap structures. When the corruption occurs, the daemon crashes, resulting in a denial of service condition. The identified impact is limited to a temporary loss of authentication service availability, with no evidence of data compromise or privilege escalation.

Affected Systems

All editions of the Wazuh authentication daemon (wazuh-authd) may be affected. The vendor supplied no specific version range for the flaw, so users should assume that every release is potentially vulnerable until a patch is released. No additional affected products or vendors were listed.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity. Exploitability data from EPSS is unavailable, and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker must be able to send crafted input to the authd service, implying a remote or local network‑level interaction. The resulting denial of service could interrupt authentication for legitimate users, temporarily crippling security monitoring and enforcement, but it does not directly expose data or compromise system integrity.

Generated by OpenCVE AI on March 27, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wazuh to the latest version where the heap‑buffer overflow has been fixed or apply any available vendor patch
  • If an immediate patch is not available, limit network exposure to the wazuh‑authd port, allowing traffic only from trusted hosts
  • Monitor authd logs for anomalous authentication attempts or repeated failures indicating exploitation attempts
  • Consider disabling unnecessary authentication interfaces on the daemon until a patch is applied

Generated by OpenCVE AI on March 27, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Title Heap buffer overflow in wazuh-authd
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T15:02:47.575Z

Reserved: 2026-03-17T11:31:56.956Z

Link: CVE-2026-32984

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-27T16:16:24.500

Modified: 2026-03-27T16:16:24.500

Link: CVE-2026-32984

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:28:18Z

Weaknesses