PT-2026-25922 · Wazuh · Wazuh

Skraft9 +1 · Published 2026-03-17 · Updated 2026-05-29 · CVE-2026-25769

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wazuh versions 4.0.0 through 4.14.2

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. A Remote Code Execution (RCE) issue exists due to the deserialization of untrusted data within the cluster synchronization protocol. This affects deployments using cluster mode (master/worker architecture). An attacker who gains access to a worker node (via initial access, insider threats, or supply chain attacks) can achieve full RCE on the master node with root privileges by sending a specially crafted DAPI request. The issue involves the as_wazuh_object() function, unsafe reflective object loading, and implicit cluster trust assumptions, allowing for Python runtime abuse and dynamic import exploitation.

Recommendations

Update to version 4.14.3.
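
The description above attributes the issue to reflective object loading while deserializing peer data. As an added illustration (not Wazuh code and not the 4.14.3 fix), this sketch shows the general mitigation for that weakness class: a JSON `object_hook` that resolves callables only through an explicit allowlist instead of importing by name. The tag and field names (`__callable__`, `__module__`, `__name__`, `f`, `f_kwargs`), the handlers and the sample requests are assumptions made for the example.

```python
import json

# Hypothetical handlers a master exposes to workers (stand-ins for this example).
def agent_count(group):
    return {"group": group, "agents": 3}

def node_status():
    return {"status": "ok"}

# Explicit allowlist: (module label, name) -> callable. Nothing is imported or
# resolved by name at decode time, so a peer cannot pick arbitrary code.
ALLOWED_CALLABLES = {
    ("example.agents", "agent_count"): agent_count,
    ("example.cluster", "node_status"): node_status,
}

class RejectedObject(ValueError):
    """A peer sent a callable tag that is malformed or not allowlisted."""

def safe_object_hook(dct):
    """json object_hook: resolve tagged callables only through the allowlist."""
    if "__callable__" not in dct:
        return dct
    spec = dct["__callable__"]
    if not isinstance(spec, dict):
        raise RejectedObject("malformed callable tag")
    key = (spec.get("__module__"), spec.get("__name__"))
    if not all(isinstance(part, str) for part in key):
        raise RejectedObject("malformed callable tag")
    if key not in ALLOWED_CALLABLES:
        raise RejectedObject(f"{key[0]}.{key[1]} is not allowlisted")
    return ALLOWED_CALLABLES[key]

def decode_request(raw):
    """Return (callable, kwargs) for a peer request, or raise RejectedObject."""
    req = json.loads(raw, object_hook=safe_object_hook)
    if not isinstance(req, dict):
        raise RejectedObject("request must be a JSON object")
    func, kwargs = req.get("f"), req.get("f_kwargs", {})
    if not callable(func) or not isinstance(kwargs, dict):
        raise RejectedObject("request does not name an allowlisted callable")
    return func, kwargs

# Constructed sample requests (not captured Wazuh traffic).
GOOD_REQUEST = ('{"f": {"__callable__": {"__module__": "example.agents", '
                '"__name__": "agent_count"}}, "f_kwargs": {"group": "default"}}')
BAD_REQUEST = ('{"f": {"__callable__": {"__module__": "platform", '
               '"__name__": "node"}}, "f_kwargs": {}}')
```

Logging every `RejectedObject` together with the sending node's identity gives the master a detection signal for a worker that starts requesting callables outside the allowlist.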

Exploit

Fix

LPE

RCE

Incorrect Permission

Path traversal

Improper Privilege Management

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2026-03319
BDU:2026-05079
CVE-2026-25769
GHSA-3GM7-962F-FXW5

Affected Products

Wazuh