High severity8.8NVD Advisory· Published Mar 6, 2021· Updated Jun 17, 2026
CVE-2021-26814
CVE-2021-26814
Description
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wazuhnpm | >= 4.0.0, < 4.0.4 | 4.0.4 |
Affected products
2- Wazuh/Wazuh APIdescription
Patches
Vulnerability mechanics
References
4- documentation.wazuh.com/4.0/release-notes/release_4_0_4.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-w36g-q975-37rgghsaADVISORY
- github.com/wazuh/wazuh/releases/tag/v4.0.4nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-26814ghsaADVISORY
News mentions
0No linked articles in our index yet.