{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32983", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-17T11:31:56.956Z", "datePublished": "2026-03-27T15:44:30.671Z", "dateUpdated": "2026-03-27T15:44:30.671Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T15:44:30.671Z"}, "title": "SSL/TLS Renegotiation DoS in Wazuh Manager authd service", "descriptions": [{"lang": "en", "value": "Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "type": "CWE"}]}], "affected": [{"vendor": "Wazuh", "product": "wazuh-manager", "packageName": "wazuh-manager (deb)", "versions": [{"version": "<= 4.7.3", "status": "affected", "versionType": "semver"}, {"version": ">= 4.8.0", "status": "unaffected", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Wazuh", "product": "wazuh-manager", "packageName": "wazuh-manager (rpm)", "versions": [{"version": "<= 4.7.3", "status": "affected", "versionType": "semver"}, {"version": ">= 4.8.0", "status": "unaffected", "versionType": "semver"}], "defaultStatus": "unaffected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}}], "references": [{"url": "https://github.com/advisories/GHSA-rr83-v9v7-jjhp", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "Published by @vikman90.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}, "impacts": [{"descriptions": [{"lang": "en", "value": "The Wazuh Manager authd service does not properly restrict client-initiated SSL/TLS renegotiation, which may allow remote attackers to cause a denial of service through CPU consumption by performing repeated renegotiations within a single connection."}]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable."}], "id": "CVE-2026-32983", "lastModified": "2026-03-27T16:16:24.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-27T16:16:24.297", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/advisories/GHSA-rr83-v9v7-jjhp"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T17:23:53.997140+00:00", "value": {"mitigation_remediation": ["Upgrade Wazuh Manager to a version newer than 4.7.3.", "If upgrading is not immediately possible, reconfigure the authd service to disable or limit SSL/TLS renegotiation requests.", "Monitor authentication service CPU usage for abnormal spikes and ensure high availability measures are in place."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via SSL/TLS Renegotiation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Wazuh Manager (wazuh-manager) product for all versions up to and including 4.7.3. Systems running these versions are susceptible to the DoS condition unless they are upgraded.", "description_and_impact": "The Wazuh Manager authd service accepts SSL/TLS renegotiation requests from clients without imposing limits. An attacker can repeatedly initiate renegotiation, causing the server to consume significant CPU resources and eventually become unresponsive, leading to a denial of service. This weakness allows a remote adversary to disrupt authentication services and potentially impact the overall availability of the Wazuh monitoring stack.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate risk. Although EPSS data is not available and the issue is not listed in the CISA KEV catalog, the remote nature of the attack and the lack of mitigations make exploitation plausible. Vulnerable deployments should be considered at high risk until patched or mitigated."}}}}, "created": "2026-03-27T20:28:15.908644+00:00", "updated": "2026-03-27T20:28:15.908692+00:00", "vendors": []}