Improper SSL/TLS Renegotiation Weakness in Wazuh Manager Authd Service
CVE-2026-32983

6.9 MEDIUM

Key Information:

Vendor: Wazuh
CVE Published: 27 March 2026

What is CVE-2026-32983?

The Wazuh Manager's authd service does not properly restrict client-initiated SSL/TLS renegotiation. A remote attacker can send excessive renegotiation requests, overwhelming the service and causing a denial of service. The resulting CPU consumption can be significant, making the authd service unavailable to legitimate users and affecting overall system functionality.

Affected Version(s)

wazuh-manager <= 4.7.3

wazuh-manager >= 4.8.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Published by @vikman90.