CVE-2026-41499

EUVD-2026-26272

29.04.2026, 19:16

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.

Buffer Underflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-124 - Buffer Underwrite ('Buffer Underflow')
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Vulnerability Media Exposure

[GERMAN] IT-Sicherheitsplattform: Anreifer können Wazuh kompromittieren
In der aktuellen Wazuh-Version haben die Entwickler mehrere Schwachstellen geschlossen. Es kann Schadcode auf Systeme gelangen.
Published: 2026-04-29T12:20:00+00:00

References

https://github.com/wazuh/wazuh/releases/tag/v4.14.4

https://github.com/wazuh/wazuh/security/advisories/GHSA-qvqj-p8mm-r7h3