Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin credentials, enabling document deletion, alert tampering, and cross-agent SIEM state manipulation. | |
| Title | Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index | |
| First Time appeared |
Wazuh
Wazuh wazuh |
|
| Weaknesses | CWE-74 | |
| CPEs | cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Wazuh
Wazuh wazuh |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T12:42:22.159Z
Reserved: 2026-06-22T17:09:16.556Z
Link: CVE-2026-56699
Updated: 2026-07-15T12:42:05.172Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T20:45:15Z