Overview
A critical vulnerability (CVSS 10.0) in Wazuh Manager 5.0 beta releases allows any enrolled agent — without authentication — to inject arbitrary NDJSON operations into the manager's OpenSearch bulk API requests. Tracked as CVE-2026-56699 and also published as GitHub Advisory GHSA-ff9g-85jq-r3g3, this flaw gives attacker-controlled agents the ability to delete security logs, tamper with vulnerability data, and inject malicious payloads into analyst dashboards — all executed under the manager's high-privilege OpenSearch admin credentials.
Affected Versions
- Wazuh Manager 5.0.0-beta1
- Wazuh Manager 5.0.0-beta2
Wazuh 4.x is not affected. The vulnerable code path lives in the new inventory synchronization pipeline introduced in the 5.0 beta series and does not exist in older branches.
Technical Details
The vulnerability resides in Wazuh 5.0's new inventory sync module (indexerConnectorSyncImpl.hpp). When agents forward flatbuffer data to the manager, the DataValue.index field is embedded directly into OpenSearch _bulk API NDJSON request bodies without escaping or input validation.
The _id field in the same code path is correctly sanitized — but _index is not. By embedding newline characters (\n) into the index field, an attacker can break out of the intended NDJSON structure and inject new, arbitrary operation lines. Those injected operations execute under the manager's OpenSearch credentials, which default to the admin account with the all_access role stored in the Wazuh keystore.
CWE Classifications
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
- CWE-93: Improper Neutralization of CRLF Sequences (CRLF Injection)
- CWE-863: Incorrect Authorization
Attack Vector
Exploitation requires no prior authentication. By default, wazuh-authd permits anonymous agent enrollment over standard agent communication channels (TCP ports 1514/1515). A proof-of-concept demonstrated full exploitation in under 10 seconds over those standard channels.
Attack Scenarios
- Evidence destruction: Inject
deleteoperations againstwazuh-alerts-*indices to erase security event logs before or during an incident. - Data manipulation: Overwrite or corrupt vulnerability scan results and agent inventory data.
- Persistent dashboard payloads: Inject malicious content into
.kibana_1dashboard objects, which analysts view during investigations.
Remediation
Upgrade to Wazuh Manager 5.0.0-beta3, which patches the vulnerability by properly escaping the _index field in the OpenSearch bulk request builder.
For environments that cannot immediately upgrade, the Wazuh team recommends a three-layer defence:
- Escape at the sink — Ensure all index name values are sanitized in
indexerConnectorSyncImpl.hppbefore inclusion in bulk requests. - Boundary validation — Validate agent-supplied index names against an allowlist in
inventorySyncFacade.hpp. - Least-privilege credentials — Downscope the manager's OpenSearch keystore credentials from
admin/all_accessto the narrowerwazuh-serverrole included in the OpenSearch security plugin.
Indicators of Compromise
Defenders running Wazuh 5.0 beta can monitor for anomalous bulk API operations against wazuh-alerts-* or .kibana_1 indices originating from agent communication channels. Unexpected index deletion events in OpenSearch audit logs are a strong indicator of active exploitation.
References
- NVD — CVE-2026-56699
- GitHub Advisory GHSA-ff9g-85jq-r3g3
- GBHackers — Critical Wazuh Flaw Enables Threat Actors to Alter Alerts and Remove Logs
- CybersecurityNews — Critical Wazuh Vulnerability Lets Attackers Tamper with Alerts
- SecurityOnline — Critical Wazuh CVSS 10 Vulnerability Details and PoC Released