Null Pointer Dereference in Wazuh Inventory Sync Module
CVE-2026-56401
7.1HIGH
What is CVE-2026-56401?
The inventory_sync module of Wazuh prior to version 5.0.0-beta3 is susceptible to a null pointer dereference vulnerability. This occurs when an enrolled agent sends a DataValue message that excludes the optional id field. Without proper null validation, the attempt to dereference data->id()->string_view() leads to a crash of the wazuh-modulesd process, effectively resulting in a denial of service. Organizations using affected versions should prioritize upgrading to mitigate this risk.
Affected Version(s)
Wazuh 0 < 5.0.0-beta3
Wazuh 5.0.0-beta3
