CVE-2026-26206 - Wazuh: API brute-force protection bypass via race condition in login attempt tracking
CVE ID :CVE-2026-26206 Published : April 29, 2026, 7:16 p.m. | 24 minutes ago Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/use
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] SWEAT protocol thwarts multi-million dollar exploit, restores user balances
- [CYBER] CVE-2026-7408 - SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
- [CYBER] CVE-2026-7407 - SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
- [CYBER] CVE-2026-7404 - getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
- [CYBER] CVE-2026-7403 - geldata gel-mcp server.py fetch_rule path traversal
- [CYBER] CVE-2026-1858 - wget2 Improper Certificate Validation