Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-56401

MEDIUM NVD
CVSS Score 6.5
Severity MEDIUM
Published Jul 08, 2026
Vendor unknown

Description

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventory_sync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing data->id()->string_view() without null validation, resulting in denial of service.

References