Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 18 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wazuh
Wazuh wazuh |
|
| Vendors & Products |
Wazuh
Wazuh wazuh |
Fri, 17 Jul 2026 00:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 4.6.0 and above, prior to 4.14.5, a logic error in CheckRateLimitsMiddleware.dispatch() causes the /events endpoint rate check to unconditionally overwrite the general rate limit result. When the global max_request_per_minute is exceeded, requests to /events still succeed if the events-specific counter (hardcoded 30/min) has not been reached. This allows event injection into analysisd beyond the admin-configured global rate limit. This issue has been fixed in version 4.14.5. | |
| Title | Wazuh: Rate Limit Bypass via /events Endpoint | |
| Weaknesses | CWE-799 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-18T03:22:04.345Z
Reserved: 2026-03-19T18:45:22.436Z
Link: CVE-2026-33434
Updated: 2026-07-18T03:21:59.913Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T02:30:08Z