Cyber Resilience

CVE-2026-32983

Severity: Medium · Public PoC

Published: 27 March 2026
Modified: 08 May 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: not recorded on this page
CVSS Score (v4.0): 6.9 (Medium)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0016 (37.0th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32983 is a medium-severity vulnerability in Wazuh (wazuh-manager packages). This page classifies it as CWE-276 (Incorrect Default Permissions), although the flaw described below is an unbounded-resource-consumption issue (unlimited client-initiated TLS renegotiation) rather than a file- or object-permission defect, so treat the CWE label with caution when mapping it to controls. Its CVSS v4.0 base score is 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002). The CVE is ranked at the 37.0th percentile by EPSS exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations identified by this page's analysis are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-32983 is an improper restriction of client-initiated SSL/TLS renegotiation in the Wazuh Manager authd service (the agent-enrollment daemon), affecting wazuh-manager packages through version 4.7.3. Published on 2026-03-27, the flaw lets remote attackers cause a denial of service by sending excessive renegotiation requests: each accepted renegotiation makes the server repeat the handshake, the resulting CPU load starves the process, and authd stops answering enrolment requests. The page records a CVSS v4.0 score of 6.9 alongside a CVSS v3.1 base score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L); both vectors rate availability as the only impacted property.

Remote, unauthenticated attackers can exploit this over the network with low complexity and no user interaction. Because authd imposes no limit on renegotiations, an attacker holding one or more established TLS sessions can request renegotiation in a tight loop; the server-side handshake work is far more expensive than the client's request, so a handful of clients can drive CPU to saturation and disrupt Wazuh Manager's agent-authentication function. Two practitioner caveats: TLS 1.3 removed renegotiation entirely, so the flood needs a session negotiated at TLS 1.2 or below; and an attacker who cannot renegotiate can still open many fresh connections, so the renegotiation limit should be paired with a per-peer handshake rate limit rather than treated as a complete fix.
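As an added example (not Wazuh's own code; authd is written in C against OpenSSL, where the equivalent server-side setting is SSL_OP_NO_RENEGOTIATION), the following Python stdlib ssl snippet shows the vulnerable TLS server configuration beside the hardened one, plus a per-peer sliding-window handshake budget of the kind SC-6 calls for on builds whose OpenSSL predates the no-renegotiation option. The port number, peer addresses and thresholds are illustrative assumptions, not values from the advisory.

```python
import ssl
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional

# Added example, not Wazuh code. 1515/TCP is authd's default agent-enrolment
# port; the budget thresholds below are assumptions chosen for illustration.
AUTHD_PORT = 1515


def weak_server_context() -> ssl.SSLContext:
    """Reproduce the vulnerable condition: OpenSSL defaults are kept, so a
    TLS 1.2 client may renegotiate as often as it likes and every
    renegotiation costs the server a full handshake."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def hardened_server_context(
    min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2,
) -> ssl.SSLContext:
    """Refuse client-initiated renegotiation. OP_NO_RENEGOTIATION exists in
    Python 3.7+ on OpenSSL >= 1.1.0h (SSL_OP_NO_RENEGOTIATION in C); on older
    builds the flag is absent, and the server must fall back to a budget."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    return ctx


def renegotiation_disabled(ctx: ssl.SSLContext) -> bool:
    """True when a client cannot trigger renegotiation on this context."""
    if ctx.minimum_version >= ssl.TLSVersion.TLSv1_3:
        return True  # TLS 1.3 has no renegotiation mechanism at all
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    return bool(flag) and bool(ctx.options & flag)


class HandshakeBudget:
    """Sliding-window cap on handshakes (initial plus renegotiations) per
    peer address. When allow() returns False the server should close the
    connection instead of performing the handshake."""

    def __init__(self, max_handshakes: int = 3, window_seconds: float = 60.0,
                 clock=time.monotonic):
        self.max_handshakes = max_handshakes
        self.window = window_seconds
        self._clock = clock
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, peer: str, now: Optional[float] = None) -> bool:
        now = self._clock() if now is None else now
        events = self._events[peer]
        # Drop handshakes that have aged out of the window.
        while events and now - events[0] > self.window:
            events.popleft()
        if len(events) >= self.max_handshakes:
            return False
        events.append(now)
        return True


def simulate_flood(budget: HandshakeBudget, peer: str, attempts: int,
                   interval: float = 0.01) -> int:
    """Return how many of `attempts` back-to-back renegotiation requests
    from one peer the budget would admit (the rest would be dropped)."""
    return sum(budget.allow(peer, now=i * interval) for i in range(attempts))


if __name__ == "__main__":
    print("weak context refuses renegotiation:",
          renegotiation_disabled(weak_server_context()))
    print("hardened context refuses renegotiation:",
          renegotiation_disabled(hardened_server_context()))
    budget = HandshakeBudget(max_handshakes=3, window_seconds=60.0)
    print("renegotiations admitted from a 1000-request burst:",
          simulate_flood(budget, "198.51.100.7", 1000))
```

The budget counts handshakes rather than bytes because the asymmetry that makes this attack cheap for the client is in the handshake's server-side key operations; raising minimum_version to TLS 1.3 removes the renegotiation path outright but is only an option if every enrolling agent supports it.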

Advisories including GHSA-rr83-v9v7-jjhp on GitHub and the VulnCheck advisory at https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service provide mitigation details, namely upgrading wazuh-manager to a patched release later than 4.7.3.


Vulnerability details

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.

CWE(s)

CWE-276 Incorrect Default Permissions (as classified on this page)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1499.002 Service Exhaustion Flood (tactic: Impact)
Adversaries may target the different network services provided by systems to conduct a denial of service (DoS).
Why these techniques?

The vulnerability directly enables a service exhaustion flood (T1499.002) by allowing unauthenticated remote attackers to send excessive SSL/TLS renegotiation requests that consume CPU resources and deny availability of the authd service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15615 (same product: Wazuh)
CVE-2024-35177 (same product: Wazuh)
CVE-2026-28221 (same product: Wazuh)
CVE-2024-47770 (same product: Wazuh)
CVE-2026-25772 (same product: Wazuh)
CVE-2025-30201 (same product: Wazuh)
CVE-2026-25769 (same product: Wazuh)
CVE-2026-30893 (same product: Wazuh)
CVE-2026-25771 (same product: Wazuh)
CVE-2025-62786 (same product: Wazuh)

Affected Assets

Vendor: wazuh
Product: wazuh (wazuh-manager packages)
Versions: ≤ 4.7.3

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SC-5 Denial-of-service Protection (prevent)
Directly requires denial-of-service protections that limit the effects of excessive client-initiated SSL/TLS renegotiation requests causing CPU exhaustion.

SC-6 Resource Availability (prevent)
Protects system resource availability by monitoring and enforcing policies against exhaustion from unlimited renegotiation requests in the authd service.

SI-2 Flaw Remediation (prevent)
Mandates timely identification, reporting, and correction of flaws like the improper renegotiation restriction, enabling patching to versions beyond 4.7.3.
