Back to overview

CVE-2026-34150

HIGH
7.5
CVSS 3.1
Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SIEM alert processing. The attack exploits the default configuration shipped in the official wazuh/wazuh-docker deployment with default configuration. An attacker can enroll with authd without a password to obtain a valid agent ID and encryption key, connect to remoted over the Wazuh agent protocol, and inject rootcheck events containing  {key: value}  patterns longer than 30 bytes that trigger a sprintf overflow of a 30-byte buffer in W_JSON_ParseRootcheck, corrupting the heap and crashing wazuh-analysisd so that all alert processing silently stops while the dashboard and API keep showing stale data.

Metadata

CVE ID
CVE-2026-34150
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-03-25 20:12 UTC
Published
2026-07-16 23:44 UTC
Last updated
2026-07-16 23:44 UTC
Primary CWE
CWE-122
CWE-122: Heap-based Buffer Overflow
Vendor / Product
wazuh / wazuh
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
wazuh wazuh >= 1.0.0, < 4.14.5
Weakness (CWE)
CWESourceDescription
CWE-122 cna CWE-122: Heap-based Buffer Overflow
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References (1)
Back to overview