Tomas Turina

1 exploit Active since Jul 2026
CVE-2026-56401 WRITEUP MEDIUM WRITEUP
Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventory_sync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing data->id()->string_view() without null validation, resulting in denial of service.
CVSS 6.5