Vulnerability in Wazuh

CVE-2026-56699

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operation…

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

  • Wazuh — versions 5.0.0-beta1, 5.0.0-beta3

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-56699?
CVE-2026-56699 is a critical-severity vulnerability in Wazuh, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 10.0/10. Published 2026-07-15.
How severe is CVE-2026-56699?
Critical severity. CVSS v3 base score is 10.0 out of 10.