← العودة للجدول
CVE-2026-56699
CVE-2026-56699 — Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when
📅 2026-07-15
🔴 Critical 🔥 No NVD Vulnerability Vulnerability CVSS 10

📋 الوصف الكامل

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin credentials, enabling document deletion, alert tampering, and cross-agent SIEM state manipulation.

💻 الأنظمة المتأثرة

⚠️ نوع التهديد

Vulnerability

🔗 CVE ID

CVE-2026-56699

📡 المصدر

NVD

✅ الحلول والتخفيف

Refer to CVE-2026-56699 NVD advisory

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←