CVE-2026-56699

Source
https://cve.org/CVERecord?id=CVE-2026-56699
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56699.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56699
Aliases
  • GHSA-ff9g-85jq-r3g3
Published
2026-07-15T11:25:32.119Z
Modified
2026-07-17T03:47:25.582481468Z
Severity
  • 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index
Details

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin credentials, enabling document deletion, alert tampering, and cross-agent SIEM state manipulation.

Database specific
{
    "cwe_ids": [
        "CWE-74"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56699.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/wazuh/wazuh

Affected ranges

Type
GIT
Repo
https://github.com/wazuh/wazuh
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "5.0.0-beta1"
        },
        {
            "fixed": "5.0.0-beta3"
        },
        {
            "introduced": "0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ]
}

Affected versions

v5.*
v5.0.0-beta1
v5.0.0-beta2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56699.json"