What is CVE-2021-26814?

CVE-2021-26814 is a vulnerability in N/a. Published 2021-03-06.

Is CVE-2021-26814 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-26814

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager…

EPSS: 0.640 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

WickdDavid/CVE-2021-26814
CYS4srl/CVE-2021-26814
paolorabbito/Internet-Security-Project---CVE-2021-26814
0day404/vulnerability-poc
ARPSyndicate/cvemon
EdgeSecurityTeam/Vulnerability
J1ezds/Vulnerability-Wiki-page
KayCHENvip/vulnerability-poc
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_

References

documentation.wazuh.com/4.0/release-notes/release_4_0_4.html (x_refsource_MISC)
github.com/wazuh/wazuh/releases/tag/v4.0.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-26814?: CVE-2021-26814 is a vulnerability in N/a. Published 2021-03-06.
Is CVE-2021-26814 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.