PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56401 Wazuh CVE debrief

CVE-2026-56401 is a high-severity vulnerability in Wazuh wazuh-modulesd before 5.0.0-beta3. The vulnerability is caused by a null pointer dereference in inventory_sync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing data->id()->string_view() without null validation, resulting in denial of service. This vulnerability has a high CVSS score of 7.1 and can result in denial of service. Users of Wazuh wazuh-modulesd before 5.0.0-beta3 should be aware of this vulnerability and take steps to mitigate it.

Vendor
Wazuh
Product
Unknown
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-09
Advisory published
2026-07-08
Advisory updated
2026-07-09

Who should care

Users of Wazuh wazuh-modulesd before 5.0.0-beta3 should be aware of this vulnerability and take steps to mitigate it. This vulnerability has a high CVSS score of 7.1 and can result in denial of service. Operators, platform administrators, vulnerability management teams, and security teams should review their deployments and take action to mitigate this vulnerability.

Technical summary

The vulnerability is caused by a null pointer dereference in inventory_sync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing data->id()->string_view() without null validation. This results in denial of service. The vulnerability has a CVSS score of 7.1 and a CVSS severity of HIGH. Users of Wazuh wazuh-modulesd before 5.0.0-beta3 should verify their deployments and take steps to mitigate this vulnerability.

Defensive priority

High priority should be given to mitigating this vulnerability, as it can result in denial of service and has a high CVSS score.

Recommended defensive actions

  • Inventory and verify Wazuh wazuh-modulesd versions before 5.0.0-beta3
  • Apply patches or updates to Wazuh wazuh-modulesd to version 5.0.0-beta3 or later
  • Monitor Wazuh wazuh-modulesd for suspicious activity
  • Implement compensating controls to prevent exploitation
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-08T14:17:17.167Z and was last modified on 2026-07-09T17:18:40.023Z. The NVD entry is currently Analyzed. This vulnerability has a high CVSS score of 7.1 and can result in denial of service. Users of Wazuh wazuh-modulesd before 5.0.0-beta3 should verify their deployments and take steps to mitigate this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:17.167Z and has not been modified since then. The NVD entry is currently Analyzed.