CVE-2026-30893

Daily digests

An authenticated Wazuh cluster peer can use a path traversal bug in the cluster sync routine to write arbitrary files on other cluster nodes. Because the attacker can overwrite Python modules Wazuh loads, this escalates straight to code execution in the Wazuh service context. If your cluster daemon runs with elevated privileges, that means full system compromise.

• Daily Digest · Apr 30, 2026

  ksmbd RCE (9.8) + Wazuh cluster write-to-RCE