CVE-2026-32983
Published: 27 March 2026
Summary
CVE-2026-32983 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Wazuh. Its CVSS base score is 5.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002). The CVE ranks at the 35.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires denial-of-service protections that limit the effects of excessive client-initiated SSL/TLS renegotiation requests causing CPU exhaustion.
Protects system resource availability by monitoring and enforcing policies against exhaustion from unlimited renegotiation requests in the authd service.
Mandates timely identification, reporting, and correction of flaws like the improper renegotiation restriction, enabling patching to versions beyond 4.7.3.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables a service exhaustion flood (T1499.002) by allowing unauthenticated remote attackers to send excessive SSL/TLS renegotiation requests that consume CPU resources and deny availability of the authd service.
NVD Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Deeper analysis
CVE-2026-32983 is an improper restriction of client-initiated SSL/TLS renegotiation vulnerability (CWE-276) in the Wazuh Manager authd service, affecting wazuh-manager packages through version 4.7.3. Published on 2026-03-27, this flaw enables remote attackers to trigger a denial of service by sending excessive renegotiation requests, which consume CPU resources and render the authd service unavailable. The vulnerability carries a CVSS v3.1 base score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).
Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By flooding the authd service with renegotiation requests due to the absence of limits, attackers achieve resource exhaustion, specifically high CPU usage, leading to service denial and disruption of Wazuh Manager's authentication functionality.
Advisories including GHSA-rr83-v9v7-jjhp on GitHub and the VulnCheck advisory at https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service provide details on mitigation, such as upgrading to patched versions beyond 4.7.3.
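The control whose absence is described above is a cap on renegotiations per connection. The C example below is added here for illustration and is not Wazuh's code or the fix shipped in patched packages; it assumes an OpenSSL-style server that reports handshake start and completion events, and the type names, function names and policy values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RENEG_MAX    3    /* assumed policy: renegotiations allowed per window */
#define RENEG_WINDOW 300  /* assumed policy: window length in seconds */

/* Hypothetical event names; with OpenSSL these would come from an info
 * callback's SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE flags. */
enum tls_event { EV_HANDSHAKE_START, EV_HANDSHAKE_DONE };

struct reneg_guard {
    bool     initial_done;  /* first handshake has completed */
    unsigned count;         /* renegotiations seen in the current window */
    uint64_t window_start;  /* start of the current window, in seconds */
};

/* Feed one event; returns true when the connection should be closed. */
bool reneg_guard_event(struct reneg_guard *g, enum tls_event ev, uint64_t now) {
    if (ev == EV_HANDSHAKE_DONE) { g->initial_done = true; return false; }
    if (!g->initial_done) return false;           /* initial handshake is not counted */
    if (now - g->window_start >= RENEG_WINDOW) {  /* window expired: start a new one */
        g->window_start = now;
        g->count = 0;
    }
    return ++g->count > RENEG_MAX;
}

struct ev_rec { enum tls_event ev; uint64_t t; };

/* Index of the event at which the guard closes the connection, or -1. */
int first_drop(const struct ev_rec *seq, size_t n) {
    struct reneg_guard g = {0};
    for (size_t i = 0; i < n; i++)
        if (reneg_guard_event(&g, seq[i].ev, seq[i].t)) return (int)i;
    return -1;
}

/* Constructed traces: a burst of handshake restarts, and occasional ones. */
static const struct ev_rec BURST[] = { {EV_HANDSHAKE_START, 1000}, {EV_HANDSHAKE_DONE, 1000},
    {EV_HANDSHAKE_START, 1001}, {EV_HANDSHAKE_START, 1001}, {EV_HANDSHAKE_START, 1002}, {EV_HANDSHAKE_START, 1002} };
static const struct ev_rec SPARSE[] = { {EV_HANDSHAKE_START, 0}, {EV_HANDSHAKE_DONE, 0},
    {EV_HANDSHAKE_START, 400}, {EV_HANDSHAKE_START, 800}, {EV_HANDSHAKE_START, 1200}, {EV_HANDSHAKE_START, 1600} };

int main(void) {
    printf("burst: %d, sparse: %d\n", first_drop(BURST, 6), first_drop(SPARSE, 6));
    return 0;
}
```

Where renegotiation is not needed at all, OpenSSL 1.1.0h and later can refuse it outright with the `SSL_OP_NO_RENEGOTIATION` option, which removes the need for a counter.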
Details
- CWE(s)