CVE-2026-30893

Wazuh · Wazuh

A path traversal vulnerability in Wazuh's cluster synchronization routine allows authenticated peers to write arbitrary files and potentially achieve remote code execution.

Executive summary

An authenticated path traversal vulnerability in Wazuh allows cluster peers to perform arbitrary file writes, potentially leading to full system-level compromise.

Vulnerability

The cluster synchronization process improperly validates paths, allowing an authenticated peer to escape the intended directory and overwrite critical Python modules or system files.
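The kind of containment check whose absence produces this bug class, as an added example; it is not Wazuh's code and not the fix shipped in 4.14.4. The function names, the `sync_root` directory and the sample paths are constructed for illustration, and the sketch assumes a POSIX host where symlinks can be created.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """A peer-supplied path would resolve outside the sync root."""

def naive_target(base_dir, peer_path):
    # Weak pattern: the joined path is normalised but never checked against base_dir.
    return os.path.normpath(os.path.join(base_dir, peer_path))

def safe_target(base_dir, peer_path):
    """Return the absolute write target for peer_path or raise UnsafePathError."""
    if not peer_path or "\x00" in peer_path:
        raise UnsafePathError("empty path or NUL byte")
    if os.path.isabs(peer_path):
        raise UnsafePathError("absolute path from peer")
    root = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks that already exist on disk.
    target = os.path.realpath(os.path.join(root, peer_path))
    if target == root or os.path.commonpath([root, target]) != root:
        raise UnsafePathError(f"{peer_path!r} does not resolve to a file under {root}")
    return target

def check_batch(base_dir, peer_paths):
    """Split peer-supplied paths into (accepted targets, rejected (path, reason))."""
    accepted, rejected = [], []
    for path in peer_paths:
        try:
            accepted.append(safe_target(base_dir, path))
        except UnsafePathError as exc:
            rejected.append((path, str(exc)))
    return accepted, rejected

def demo():
    # Constructed layout: a sync root holding one directory and one symlink
    # that points back out of the root.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "sync_root")
        os.makedirs(os.path.join(root, "etc"))
        os.symlink(tmp, os.path.join(root, "link"))
        paths = ["etc/rules.xml", "../outside.py", "etc/../../outside.py",
                 "/abs/file", "link/outside.py"]
        return check_batch(root, paths)

if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    for path, reason in bad:
        print("rejected:", path, "->", reason)
```

The check resolves the path at validation time only; a receiver should also write with the resolved target rather than re-joining the peer's original string.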

Business impact

This vulnerability has a CVSS score of 9.0 because it allows an attacker who has compromised one node to escalate privileges and impact the entire cluster. This could result in a complete loss of security monitoring visibility and potential system-level control over the infrastructure.

Remediation

Immediate Action: Upgrade all Wazuh nodes to version 4.14.4 or later.

Proactive Monitoring: Monitor cluster communication logs for unexpected file write operations or synchronization anomalies.

Compensating Controls: Isolate the cluster communication network and ensure that only authorized, trusted nodes can participate in the synchronization process.

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The availability of a proof-of-concept makes this a high-priority remediation task. Organizations must apply the provided patch to all Wazuh components to prevent cluster-wide compromise.