CVE-2026-32984

LOW

Heap buffer overflow in wazuh-authd

Title source: cna

Description

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.

References (2)

[Vendor Advisory] https://github.com/advisories/GHSA-grjq-p5fg-m24r

[Third Party Advisory] https://www.vulncheck.com/advisories/heap-buffer-overflow-in-wazuh-authd

Scores

CVSS v3 3.5

EPSS 0.0010

EPSS Percentile 26.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (4)

wazuh/wazuh 4.3.10

wazuh/wazuh < 3.5.0

Wazuh/Wazuh 3.5.0

Wazuh/Wazuh 4.3.10

Published Mar 27, 2026

Tracked Since Mar 29, 2026