Path Traversal Vulnerability in Wazuh's Cluster Synchronization Feature
CVE-2026-30893
9 CRITICAL
What is CVE-2026-30893?
A path traversal vulnerability exists in Wazuh's cluster synchronization extraction routine, allowing authenticated cluster peers to write arbitrary files outside the designated extraction directory on other cluster nodes. This vulnerability can lead to code execution within the Wazuh service context due to the overwriting of Python modules utilized by Wazuh components. When the cluster daemon operates with elevated privileges, there is a risk of system-level compromise. Users are encouraged to upgrade to version 4.14.4, where this issue has been addressed.
Affected Version(s)
wazuh >= 4.4.0, < 4.14.4
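
For teams reviewing their own extraction code for this bug class, the following added example (not Wazuh's code and not the upstream fix) shows a containment check that resolves each member name against the extraction directory and rejects the whole payload before anything is written. The function names, the exception class and the sample member names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafeMemberPath(ValueError):
    """Raised when a member name would land outside the extraction directory."""


def resolve_member(extract_dir: Path, member_name: str) -> Path:
    """Return the absolute destination for member_name, or raise if it escapes."""
    base = extract_dir.resolve()
    # An absolute name would discard the base directory when joined.
    if os.path.isabs(member_name):
        raise UnsafeMemberPath(member_name)
    # resolve() collapses ".." components and follows existing symlinks.
    dest = (base / member_name).resolve()
    if base not in dest.parents:
        raise UnsafeMemberPath(member_name)
    return dest


def extract_members(extract_dir: Path, members: dict) -> list:
    """Validate every member first, then write: one bad name rejects the payload."""
    planned = [(resolve_member(extract_dir, n), d) for n, d in members.items()]
    written = []
    for dest, data in planned:
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        written.append(dest)
    return written


def demo() -> dict:
    """Run the check over constructed payloads and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "extract"
        target.mkdir()
        good = {"shared/default/agent.conf": b"<conf/>"}       # constructed sample
        bad = {"ok.txt": b"x", "../outside/module.py": b"#"}   # constructed sample
        root = target.resolve()
        accepted = [p.relative_to(root).as_posix() for p in extract_members(target, good)]
        try:
            extract_members(target, bad)
            rejected = False
        except UnsafeMemberPath:
            rejected = True
        # Nothing from the rejected payload may exist, inside or outside the target.
        leaked = (Path(tmp) / "outside").exists() or (target / "ok.txt").exists()
        return {"accepted": accepted, "rejected": rejected, "leaked": leaked}
```

Validating all names before the first write matters here: a payload that mixes legitimate files with one escaping name is dropped as a unit instead of being partially applied.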
