Vulnerability Details CVE-2026-25790
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a floating-point (`%lf`) format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash) or potential RCE on the Wazuh manager. The vulnerability is located in `/src/analysisd/decoders/security_configuration_assessment.c`, within the `FillScanInfo` and `FillCheckEventInfo` functions. In multiple locations, a 128-byte buffer (`char value[OS_SIZE_128];`) is allocated on the stack to hold the string representation of a number from a JSON event. The code checks if the number is an integer or a double. If it's a double, it uses `sprintf(value, "%lf", ...)` to perform the conversion. This `sprintf` call is unbounded. If a floating-point number with a large exponent (e.g., `1.0e150`) is provided, `sprintf` will attempt to write its full string representation (a "1" followed by 150 zeros), which is larger than the 128-byte buffer, corrupting the stack. Version 4.14.3 patches the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.1%
CVSS Severity
CVSS v3 Score 4.9
References
Products affected by CVE-2026-25790
-
cpe:2.3:a:wazuh:wazuh:3.10.0
-
cpe:2.3:a:wazuh:wazuh:3.10.1
-
cpe:2.3:a:wazuh:wazuh:3.10.2
-
cpe:2.3:a:wazuh:wazuh:3.11.0
-
cpe:2.3:a:wazuh:wazuh:3.11.1
-
cpe:2.3:a:wazuh:wazuh:3.11.2
-
cpe:2.3:a:wazuh:wazuh:3.11.3
-
cpe:2.3:a:wazuh:wazuh:3.11.4
-
cpe:2.3:a:wazuh:wazuh:3.11.5
-
cpe:2.3:a:wazuh:wazuh:3.12.0
-
cpe:2.3:a:wazuh:wazuh:3.12.1
-
cpe:2.3:a:wazuh:wazuh:3.12.2
-
cpe:2.3:a:wazuh:wazuh:3.12.3
-
cpe:2.3:a:wazuh:wazuh:3.13.0
-
cpe:2.3:a:wazuh:wazuh:3.13.1
-
cpe:2.3:a:wazuh:wazuh:3.13.2
-
cpe:2.3:a:wazuh:wazuh:3.13.3
-
cpe:2.3:a:wazuh:wazuh:3.9.0
-
cpe:2.3:a:wazuh:wazuh:3.9.1
-
cpe:2.3:a:wazuh:wazuh:3.9.2
-
cpe:2.3:a:wazuh:wazuh:3.9.3
-
cpe:2.3:a:wazuh:wazuh:3.9.4
-
cpe:2.3:a:wazuh:wazuh:3.9.5
-
cpe:2.3:a:wazuh:wazuh:4.0.0
-
cpe:2.3:a:wazuh:wazuh:4.0.1
-
cpe:2.3:a:wazuh:wazuh:4.0.2
-
cpe:2.3:a:wazuh:wazuh:4.0.3
-
cpe:2.3:a:wazuh:wazuh:4.0.4
-
cpe:2.3:a:wazuh:wazuh:4.1.0
-
cpe:2.3:a:wazuh:wazuh:4.1.1
-
cpe:2.3:a:wazuh:wazuh:4.1.2
-
cpe:2.3:a:wazuh:wazuh:4.1.3
-
cpe:2.3:a:wazuh:wazuh:4.1.4
-
cpe:2.3:a:wazuh:wazuh:4.1.5
-
cpe:2.3:a:wazuh:wazuh:4.10.0
-
cpe:2.3:a:wazuh:wazuh:4.10.1
-
cpe:2.3:a:wazuh:wazuh:4.10.2
-
cpe:2.3:a:wazuh:wazuh:4.10.3
-
cpe:2.3:a:wazuh:wazuh:4.11.0
-
cpe:2.3:a:wazuh:wazuh:4.11.1
-
cpe:2.3:a:wazuh:wazuh:4.11.2
-
cpe:2.3:a:wazuh:wazuh:4.12.0
-
cpe:2.3:a:wazuh:wazuh:4.13.0
-
cpe:2.3:a:wazuh:wazuh:4.13.1
-
cpe:2.3:a:wazuh:wazuh:4.14.0
-
cpe:2.3:a:wazuh:wazuh:4.14.1
-
cpe:2.3:a:wazuh:wazuh:4.2.0
-
cpe:2.3:a:wazuh:wazuh:4.2.1
-
cpe:2.3:a:wazuh:wazuh:4.2.2
-
cpe:2.3:a:wazuh:wazuh:4.2.3
-
cpe:2.3:a:wazuh:wazuh:4.2.4
-
cpe:2.3:a:wazuh:wazuh:4.2.5
-
cpe:2.3:a:wazuh:wazuh:4.2.6
-
cpe:2.3:a:wazuh:wazuh:4.2.7
-
cpe:2.3:a:wazuh:wazuh:4.3.0
-
cpe:2.3:a:wazuh:wazuh:4.3.1
-
cpe:2.3:a:wazuh:wazuh:4.3.10
-
cpe:2.3:a:wazuh:wazuh:4.3.11
-
cpe:2.3:a:wazuh:wazuh:4.3.2
-
cpe:2.3:a:wazuh:wazuh:4.3.3
-
cpe:2.3:a:wazuh:wazuh:4.3.4
-
cpe:2.3:a:wazuh:wazuh:4.3.5
-
cpe:2.3:a:wazuh:wazuh:4.3.6
-
cpe:2.3:a:wazuh:wazuh:4.3.7
-
cpe:2.3:a:wazuh:wazuh:4.3.8
-
cpe:2.3:a:wazuh:wazuh:4.3.9
-
cpe:2.3:a:wazuh:wazuh:4.4.0
-
cpe:2.3:a:wazuh:wazuh:4.4.1
-
cpe:2.3:a:wazuh:wazuh:4.4.2
-
cpe:2.3:a:wazuh:wazuh:4.4.3
-
cpe:2.3:a:wazuh:wazuh:4.4.4
-
cpe:2.3:a:wazuh:wazuh:4.4.5
-
cpe:2.3:a:wazuh:wazuh:4.5.0
-
cpe:2.3:a:wazuh:wazuh:4.5.1
-
cpe:2.3:a:wazuh:wazuh:4.5.2
-
cpe:2.3:a:wazuh:wazuh:4.5.3
-
cpe:2.3:a:wazuh:wazuh:4.5.4
-
cpe:2.3:a:wazuh:wazuh:4.6.0
-
cpe:2.3:a:wazuh:wazuh:4.7.0
-
cpe:2.3:a:wazuh:wazuh:4.7.1
-
cpe:2.3:a:wazuh:wazuh:4.7.2
-
cpe:2.3:a:wazuh:wazuh:4.7.3
-
cpe:2.3:a:wazuh:wazuh:4.7.4
-
cpe:2.3:a:wazuh:wazuh:4.7.5
-
cpe:2.3:a:wazuh:wazuh:4.8.0
-
cpe:2.3:a:wazuh:wazuh:4.8.1
-
cpe:2.3:a:wazuh:wazuh:4.8.2
-
cpe:2.3:a:wazuh:wazuh:4.9.0
-
cpe:2.3:a:wazuh:wazuh:4.9.1
-
cpe:2.3:a:wazuh:wazuh:4.9.2