Null Pointer Dereference in Wazuh Inventory Sync Module
CVE-2026-56401

7.1HIGH

Key Information:

Vendor

Wazuh

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-56401?

The inventory_sync module of Wazuh prior to version 5.0.0-beta3 is susceptible to a null pointer dereference vulnerability. This occurs when an enrolled agent sends a DataValue message that excludes the optional id field. Without proper null validation, the attempt to dereference data->id()->string_view() leads to a crash of the wazuh-modulesd process, effectively resulting in a denial of service. Organizations using affected versions should prioritize upgrading to mitigate this risk.

Affected Version(s)

Wazuh 0 < 5.0.0-beta3

Wazuh 5.0.0-beta3

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kocaemre
vikman90
.