PatchSiren cyber security CVE debrief
CVE-2026-44251 wazuh CVE debrief
CVE-2026-44251 is a remote denial of service vulnerability in Wazuh versions 3.0.0 and above, prior to 4.14.5. A size_t integer underflow in os_crypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately disconnecting all agents from the manager. A second code path reached by the same underflow may allow heap memory corruption. The issue has been fixed in version 4.14.5. Users of affected versions should apply the patch and monitor for signs of exploitation.
- Vendor
- wazuh
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Wazuh versions 3.0.0 and above, prior to 4.14.5, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators responsible for Wazuh installations.
Technical summary
A size_t integer underflow in os_crypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately disconnecting all agents from the manager. A second code path reached by the same underflow may allow heap memory corruption. The vulnerability affects Wazuh versions 3.0.0 and above, prior to 4.14.5. The issue has been fixed in version 4.14.5. This vulnerability can be exploited by any enrolled Wazuh agent, and users of affected versions should apply the patch and monitor for signs of exploitation. It is recommended that administrators and security teams review and verify the affected scope and severity with the vendor, and implement compensating controls to detect and prevent exploitation.
Defensive priority
Medium
Recommended defensive actions
- Inventory Wazuh installations to identify those that are vulnerable.
- Apply the patch from version 4.14.5 to fix the vulnerability.
- Monitor Wazuh logs for signs of exploitation.
- Implement compensating controls to detect and prevent exploitation.
- Review and verify the affected scope and severity with the vendor.
- Track exceptions and retest remediated assets.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-17T02:18:05.973Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability affects Wazuh versions 3.0.0 and above, prior to 4.14.5.
Official resources
-
CVE-2026-44251 CVE record
CVE.org
-
CVE-2026-44251 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:05.973Z and has not been modified since then.