Product
Wazuh Manager versions prior to 5.0.0-beta3 are critically vulnerable to an injection flaw, CVE-2026-56699 (CWE-74), enabling enrolled agents to inject arbitrary NDJSON operations into OpenSearch bulk requests, leading to data integrity compromise and defense evasion.