Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 18, 2026

Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

CVE-2026-25769

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.

Affected products

Wazuh/Wazuhv5
Range: >= 4.0.0, < 4.14.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/drive/folders/1WlkKNmHexz8212OVED9O6M_3pI8b6qNImitrex_refsource_MISC
github.com/wazuh/wazuh/security/advisories/GHSA-3gm7-962f-fxw5mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000