CVE-2026-41499
MEDIUMDescription
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.
Is your site exposed to CVE-2026-41499?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| wazuh | wazuh |
References
Frequently Asked Questions
What is CVE-2026-41499? +
How severe is CVE-2026-41499? +
What products are affected by CVE-2026-41499? +
How do I check if I'm vulnerable to CVE-2026-41499? +
Related Vulnerabilities
Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out …
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: …
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through …
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network …
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network …
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in …