CVE-2026-56699 - Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index
CVE ID :CVE-2026-56699 Published : July 15, 2026, 12:18 p.m. | 16 minutes ago Description :Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can...