Detections
Analytics
Wazuh Server 4.0.0 < 4.14.3 RCE
critical Nessus Plugin ID 303595
Synopsis
The remote host contains a threat prevention, detection, and response platform that is affected by a remote code execution vulnerability.Description
The version of Wazuh Server on the remote host is at least 4.0.0 and prior to 4.14.3. It is, therefore, affected by a remote code execution vulnerability:- A deserialization of untrusted data vulnerability exists in Wazuh's cluster mode (master/worker architecture). An attacker who gains access to a worker node can achieve full remote code execution on the master node with root privileges. (CVE-2026-25769)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Wazuh Server version 4.14.3 or later.See Also
https://github.com/wazuh/wazuh/security/advisories/GHSA-3gm7-962f-fxw5
Plugin Details
Severity: Critical
ID: 303595
File Name: wazuh_server_4_14_3.nasl
Version: 1.1
Type: local
Agent: unix
Family: Misc.
Published: 3/25/2026
Updated: 3/25/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: High
Base Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C
CVSS Score Source: CVE-2026-25769
CVSS v3
Risk Factor: Critical
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:wazuh:wazuh
Patch Publication Date: 3/17/2026
Vulnerability Publication Date: 3/17/2026
Reference Information
CVE: CVE-2026-25769