wid-sec-w-2026-0908 · Published 2026-03-29 · View on BSI CERT-Bund ↗

Wazuh: Multiple Vulnerabilities

CVSS 8.3 HIGH

Risk Summary

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

CVEs (7)

CVE-2023-7340 CVE-2026-32984 CVE-2025-15612 CVE-2025-15615 CVE-2026-32983 CVE-2025-15616 CVE-2025-15617

Affected Vendors

Open Source

Affected Products (10)

Open Source · Wazuh <4.13.0

Open Source · Wazuh 4.13.0

Open Source · Wazuh <4.3.11

Open Source · Wazuh 4.3.11

Open Source · Wazuh <4.14.0

Open Source · Wazuh 4.14.0

Open Source · Wazuh Manager <4.8.0

Open Source · Wazuh Manager 4.8.0

Open Source · Wazuh Agent <4.8.0

Open Source · Wazuh Agent 4.8.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more