Description
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Heap buffer overflow in the Wazuh authentication daemon (authd) can corrupt heap memory when processing specially crafted input, leading to a denial of service of the authentication service. The vulnerability is categorized as CWE‑125 and results in low availability impact for users relying on remote authentication.

Affected Systems

The issue affects all current Wazuh deployments, with the vulnerability known to exist in version 4.3.10 and earlier. Any system running the authd component is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1 % shows that the likelihood of public exploitation is low at this time and the vulnerability is not listed in the CISA KEV catalogue. The likely attack vector is remote, via network traffic that reaches the authd daemon, requiring the attacker to send malformed packets that trigger the buffer overflow.

Generated by OpenCVE AI on March 31, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Wazuh release that contains a patch for the authd component.
  • If no patch is available, restrict network access to the authd service to trusted hosts only.
  • Restart the authd daemon and monitor logs for abnormal crashes or inconsistent behavior.
  • Contact Wazuh support for further guidance if the issue persists.

Generated by OpenCVE AI on March 31, 2026 at 19:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
cpe:2.3:a:wazuh:wazuh:4.3.10:*:*:*:*:*:*:*

Tue, 31 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wazuh
Wazuh wazuh
Vendors & Products Wazuh
Wazuh wazuh

Fri, 27 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.
Title Heap buffer overflow in wazuh-authd
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Wazuh Wazuh
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T15:08:54.214Z

Reserved: 2026-03-17T11:31:56.956Z

Link: CVE-2026-32984

cve-icon Vulnrichment

Updated: 2026-03-31T15:08:50.976Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T16:16:24.500

Modified: 2026-03-31T18:29:15.857

Link: CVE-2026-32984

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:01:09Z

Weaknesses