CVE-2026-30893 - Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
CVE ID :CVE-2026-30893 Published : April 29, 2026, 7:16 p.m. | 24 minutes ago Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronizatio
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] SWEAT protocol thwarts multi-million dollar exploit, restores user balances
- [CYBER] CVE-2026-7408 - SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
- [CYBER] CVE-2026-7407 - SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
- [CYBER] CVE-2026-7404 - getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
- [CYBER] CVE-2026-7403 - geldata gel-mcp server.py fetch_rule path traversal
- [CYBER] CVE-2026-1858 - wget2 Improper Certificate Validation