Ghostwire

CVE-2026-33754: Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.9.0 and...

MEDIUM CVSS 0.0

Published: July 17, 2026 | Last Modified: July 17, 2026

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.9.0 and above, prior to 4.14.5, a remote attacker can trigger memory exhaustion in the cluster protocol parser by sending a crafted message header with an arbitrarily large payload length. The length is trusted before authentication/decryption and used directly to allocate memory, allowing unauthenticated denial of service of the cluster service. This issue has been fixed in version 4.14.5.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References