CVE-2026-25769 CRITICAL

CVE-2026-25769: Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

Vendor Wazuh
Product wazuh
Weakness CWE-502 · Unsafe deserialization
Published March 17, 2026
Last update March 18, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.

Key dates

02 Disclosure timeline

March 17, 2026 CVE published
March 18, 2026 Record updated