Zero Day MonitorZDM

← Back to list

3.5

CVE-2026-32984EXPLOITED

wazuh · wazuh

Heap buffer overflow in wazuh-authd

Description

A vulnerability marked as problematic has been reported in Wazuh 3.5.0/4.3.10. This impacts an unknown function of the component authd. The manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-32984. Remote exploitation of the attack is possible.

Affected Products

Vendor	Product	Versions
wazuh	wazuh	3.5.0, 4.3.10

References

https://github.com/advisories/GHSA-grjq-p5fg-m24r(vendor-advisory)
https://www.vulncheck.com/advisories/heap-buffer-overflow-in-wazuh-authd(third-party-advisory)

Related News (1 articles)

Tier C

VulDB3d ago

CVE-2026-32984 | Wazuh 3.5.0/4.3.10 authd out-of-bounds

→ No new info (linked only)

CVSS 3.13.5 LOW

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-125

Published3/27/2026

Last enriched3d agov2

Trending Score24

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-15615EXP

Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

NONECVE-2023-7340EXP

Wazuh authd service (os_auth) Heap-based Buffer Overflow

CRITICALCVE-2025-15616EXP

Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

CRITICALCVE-2025-15612

Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

HIGHCVE-2025-15617

Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 27, 2026

Actively Exploited

Mar 27, 2026

Discovered by ZDM

Mar 27, 2026

Updated: description, severity, activelyExploited

Mar 27, 2026

Version History

v2

Last enriched 3d ago

v2Tier C3d ago

Updated description with new details, changed severity to HIGH, and marked the vulnerability as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v13d ago

Initial creation