VYPR
High severity8.8NVD Advisory· Published Mar 6, 2021· Updated Jun 17, 2026

CVE-2021-26814

CVE-2021-26814

Description

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
wazuhnpm
>= 4.0.0, < 4.0.44.0.4

Affected products

2
  • Wazuh/Wazuh APIdescription
  • ghsa-coords
    Range: >= 4.0.0, < 4.0.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.