PT-2026-25924 · Wazuh · Wazuh
Skraft9
Published: 2026-03-17
Updated: 2026-03-17
CVE-2026-25771
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Wazuh versions 4.3.0 through 4.14.2
Description
Wazuh is a platform used for threat prevention, detection, and response. A denial-of-service issue exists in the Wazuh API authentication middleware (middlewares.py). The application uses an asynchronous event loop (Starlette/asyncio) to call a synchronous function (generate keypair) that performs blocking disk I/O on every request containing a Bearer token. A remote, unauthenticated attacker can exploit this by flooding the API with requests containing invalid Bearer tokens. Each such request forces the single-threaded event loop to pause for a file read, potentially preventing the application from accepting or processing legitimate connections. The generate keypair function is involved in the issue.
Recommendations
Update to version 4.14.3 or later.
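The blocking pattern the description names, beside a hardened form, as an added illustration that is not Wazuh's code: `read_key_blocking`, `preload_key` and the placeholder key file are assumptions standing in for the real synchronous keypair helper and its key paths. The hardened version loads the key once at startup in a worker thread, so a request carrying an invalid token touches no disk.

```python
import asyncio
import os
import tempfile

# Constructed placeholder key file standing in for the key material the
# middleware reads; path and contents are not Wazuh's.
KEY_PATH = os.path.join(tempfile.mkdtemp(), "placeholder_key.pem")
with open(KEY_PATH, "w") as fh:
    fh.write("-----BEGIN PLACEHOLDER KEY-----\nconstructed\n-----END PLACEHOLDER KEY-----\n")

disk_reads = 0  # synchronous file reads performed while requests are served
_key_cache = None

def read_key_blocking():
    """Hypothetical stand-in for the synchronous keypair helper: a blocking file read."""
    global disk_reads
    disk_reads += 1
    with open(KEY_PATH) as fh:
        return fh.read()

async def check_token_vulnerable(token, valid="valid"):
    # Pattern from the advisory: every Bearer-token request, valid or not, re-reads
    # the key on the event loop thread, stalling every other task during the I/O.
    read_key_blocking()
    return token == valid

async def preload_key():
    # Hardened pattern: load key material once at startup, in a worker thread so
    # the event loop keeps scheduling while the disk I/O completes.
    global _key_cache
    _key_cache = await asyncio.to_thread(read_key_blocking)

async def check_token_hardened(token, valid="valid"):
    # Per-request path touches only memory; an invalid token costs no disk I/O.
    return _key_cache is not None and token == valid

async def serve_invalid_requests(check, n):
    """Serve n concurrent requests carrying an invalid token; return disk reads incurred."""
    global disk_reads
    disk_reads = 0
    await asyncio.gather(*(check("not-a-real-token") for _ in range(n)))
    return disk_reads

async def _hardened_burst(n):
    await preload_key()  # startup cost, paid once, not per request
    return await serve_invalid_requests(check_token_hardened, n)

def reads_per_burst(n=200):
    # Disk reads caused by n invalid-token requests: (vulnerable, hardened)
    return (asyncio.run(serve_invalid_requests(check_token_vulnerable, n)),
            asyncio.run(_hardened_burst(n)))
```

`reads_per_burst(200)` returns `(200, 0)`: the vulnerable path pays one blocking read per rejected request, the hardened path none.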
Weakness Enumeration
Resource Exhaustion
Affected Products
Wazuh