Mend.io Vulnerability Database
WS-2026-0009
Published: June 08, 2026
Updated: June 15, 2026
An enrolled agent can smuggle arbitrary OpenSearch _bulk operations through DataValue.index (NDJSON injection in inventory_sync) in Wazuh Manager. Affected versions: 5.0.0-beta1 and 5.0.0-beta2. The fix is merged to main in commit 9939780588029e9a20db6c8f83bb19b8885d9114 ('Detect unsafe payload and discard events'). The announced fix release, 5.0.0-beta3, is not yet tagged or published in the repo (only alpha0, beta1 and beta2 exist), so no installable fixed release is available yet. Interim mitigation: downscope the manager indexer keystore role off admin/all_access. 4.x is not affected (inventory_sync was introduced in 5.0).
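The fix commit is titled 'Detect unsafe payload and discard events'. The following Python example is added here to illustrate that general defence for an OpenSearch _bulk NDJSON body; it is not Wazuh's code and not the content of that commit. The event shape (index, id and data keys), the function names and the index allowlist are assumptions.

```python
import json
import re

# Conservative allowlist (an assumption, stricter than OpenSearch's own naming
# rules): lowercase alphanumerics plus ".", "_" and "-", no leading punctuation.
SAFE_INDEX = re.compile(r"[a-z0-9][a-z0-9._-]{0,254}")


def is_safe_index(name):
    """True only for a plain index name with no control or structural characters."""
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return isinstance(name, str) and SAFE_INDEX.fullmatch(name) is not None


def build_bulk_body(events):
    """Return (ndjson_body, discarded) for a list of hypothetical agent events.

    Each accepted event contributes exactly two lines: an action line and a
    document line. Events with an unsafe index, id or data are discarded whole.
    """
    lines, discarded = [], []
    for ev in events:
        index, doc_id, data = ev.get("index"), ev.get("id"), ev.get("data")
        if (not is_safe_index(index) or not isinstance(doc_id, str)
                or not isinstance(data, dict)):
            discarded.append(ev)
            continue
        # json.dumps escapes control characters, so each record stays on one
        # line; never build these lines by string concatenation.
        action = json.dumps({"index": {"_index": index, "_id": doc_id}})
        source = json.dumps(data)
        lines += [action, source]
    body = "\n".join(lines) + "\n" if lines else ""
    return body, discarded


# Constructed sample input, not taken from a real agent.
SAMPLE_EVENTS = [
    {"index": "inventory-packages", "id": "a1", "data": {"name": "openssl"}},
    {"index": "inventory-packages\nextra", "id": "a2", "data": {"name": "x"}},
    {"index": "_Hidden", "id": "a3", "data": {"name": "y"}},
    {"index": "inventory-hosts", "id": "a4", "data": {"note": "line1\nline2"}},
]

if __name__ == "__main__":
    body, dropped = build_bulk_body(SAMPLE_EVENTS)
    print(body, end="")
    print(f"discarded {len(dropped)} event(s)")
```

Validation of this kind complements the interim mitigation above and does not replace it: a least-privilege indexer role still bounds what any accepted _bulk operation can do.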
CVSS v4
Base Score: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Vulnerable System Confidentiality: HIGH
Vulnerable System Integrity: HIGH
Vulnerable System Availability: HIGH
Subsequent System Confidentiality: HIGH
Subsequent System Integrity: HIGH
Subsequent System Availability: HIGH
CVSS v3
Base Score: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH