CVE-2026-30893 · CRITICAL 9.9 · EPSS p31.5%

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.5% · 2026-06-19T12:03:05Z
Published: 2026-04-29
Last modified: 2026-04-30

Underlying weaknesses · 2

CWE-22, CWE-73

References

  1. https://github.com/wazuh/wazuh/releases/tag/v4.14.4
  2. https://github.com/wazuh/wazuh/security/advisories/GHSA-m8rw-v4f6-8787

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live |
| Weakness | External Control of File Name or Path (cwe-73) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-25769
  2. CVE: CVE-2025-30201
  3. CVE: CVE-2025-62786
  4. CVE: CVE-2026-28221
  5. CVE: Wazuh Server Deserialization of Untrusted Data Vulnerability
  6. CVE: CVE-2025-15612

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.