PatchSiren cyber security CVE debrief
CVE-2026-33754 wazuh CVE debrief
CVE-2026-33754 is a denial of service vulnerability in Wazuh's cluster protocol parser. A remote attacker can trigger memory exhaustion by sending a crafted message header with an arbitrarily large payload length, allowing unauthenticated denial of service of the cluster service. This issue affects Wazuh versions 3.9.0 and above, prior to 4.14.5. Users should apply the patch to prevent denial of service attacks. The vulnerability has a CVSS score of 6.5 and is considered Medium severity.
- Vendor
- wazuh
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Wazuh versions 3.9.0 and above, prior to 4.14.5, should apply the patch to prevent denial of service attacks. Wazuh administrators, security teams, and operators responsible for cluster service management should review the vulnerability and take necessary actions to protect their systems.
Technical summary
In Wazuh versions 3.9.0 and above, prior to 4.14.5, a remote attacker can trigger memory exhaustion in the cluster protocol parser by sending a crafted message header with an arbitrarily large payload length. The length is trusted before authentication/decryption and used directly to allocate memory, allowing unauthenticated denial of service of the cluster service. This vulnerability can be exploited by sending a specially crafted message header.
Defensive priority
Medium priority due to CVSS score of 6.5 and potential for denial of service attacks.
Recommended defensive actions
- Apply the patch to upgrade to Wazuh version 4.14.5 or later
- Restrict access to the cluster service to trusted sources
- Monitor cluster service logs for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-17T00:16:25.383Z and has not been modified since then. The NVD entry is currently 6.5 (Medium). Evidence is limited to CVE and NVD details. Defenders should verify Wazuh cluster service exposure and review official advisories for affected scope and vendor guidance.
Official resources
-
CVE-2026-33754 CVE record
CVE.org
-
CVE-2026-33754 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T00:16:25.383Z and has not been modified since then.