Wazuh Critical Vulnerability - 20260408001¶
Overview¶
The WASOC has become aware of a critical vulnerability in Wazuh Manager where a remote code execution (RCE) allows an authorised attacker to access cluster worker node to execute code on the master node as root.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Wazuh | Versions 4.0.0 through 4.14.2 | CVE-2026-25769 | 9.1 | Critical |
What has been observed?¶
The WASOC is aware of a full technical analysis and PoC exploit kit being publicly available for one or more of the mentioned items. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):