PT-2026-35961 · Wazuh · Wazuh
Marius-Momeu · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-26204
CVSS v3.1: 4.4 Medium (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Name of the Vulnerable Software and Affected Versions
Wazuh versions 1.0.0 through 4.14.3
Description
A heap-based out-of-bounds write occurs in the GetAlertData() function. It is caused by an unsigned integer underflow and pointer arithmetic wrapping, which results in a NULL byte being written exactly 1 byte before the start of the buffer allocated by strdup, thereby corrupting heap metadata. A malicious actor with a compromised agent can exploit this by injecting a specially crafted alert into the alerts log file monitored by wazuh-logcollector to cause heap corruption or denial of service.
Recommendations
Update to version 4.14.4.
Fix
Integer Underflow
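The bug class named in the description (a size_t underflow followed by wrapping pointer arithmetic), shown next to a guarded form. This is an added illustration, not Wazuh's GetAlertData() code; the function names and the empty-string input are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Index an unchecked "overwrite the last character" step would use.
 * strlen() returns size_t, so for an empty string 0 - 1 wraps to SIZE_MAX. */
static size_t unchecked_last_index(const char *s)
{
    return strlen(s) - 1;
}

/* Returns 1 if buf[idx] would resolve to the byte immediately before buf
 * once the address computation wraps. Integer arithmetic only: nothing is
 * dereferenced, so the demonstration itself stays memory-safe. */
static int wraps_to_byte_before(const char *buf, size_t idx)
{
    uintptr_t base = (uintptr_t)buf;
    uintptr_t target = base + (uintptr_t)idx; /* unsigned wrap is defined */
    return target == base - 1;
}

/* Hardened form: heap-copy the field (same allocation pattern as strdup)
 * and drop the final character only when there is one to drop.
 * Returns NULL on allocation failure; the caller frees the result. */
static char *dup_and_trim_last(const char *field)
{
    size_t len = strlen(field);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, field, len + 1);
    if (len > 0)               /* the guard the unchecked version lacks */
        copy[len - 1] = '\0';
    return copy;
}

int main(void)
{
    const char *empty = "";    /* constructed input: zero-length field */
    size_t idx = unchecked_last_index(empty);
    printf("unchecked index: %zu, lands at buf-1: %d\n",
           idx, wraps_to_byte_before(empty, idx));
    char *safe = dup_and_trim_last(empty);
    printf("hardened result: \"%s\"\n", safe ? safe : "(alloc failed)");
    free(safe);
    return 0;
}
```

On a heap allocation, the byte at buf-1 belongs to the allocator's chunk header, which is why a single NUL written there is enough to corrupt heap metadata.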
Affected Products
Wazuh