wazuh-dashboard-fips

Direct Vulnerabilities

Known vulnerabilities in the wazuh-dashboard-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-54289	<4.14.5-r6
L GHSA-wgpf-jwqj-8h8p	<4.14.5-r6
L CVE-2026-54287	<4.14.5-r6
L CVE-2026-54290	<4.14.5-r6
L CVE-2026-54288	<4.14.5-r6
L CVE-2026-54286	<4.14.5-r6
L GHSA-j6c9-x7qj-28xf	<4.14.5-r6
L GHSA-wwfh-h76j-fc44	<4.14.5-r6
L GHSA-rv63-4mwf-qqc2	<4.14.5-r6
L GHSA-88fw-hqm2-52qc	<4.14.5-r6
L GHSA-p92q-9vqr-4j8v	<4.14.5-r5
L GHSA-hfxv-24rg-xrqf	<4.14.5-r5
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	<4.14.5-r5
L Arbitrary Code Injection	<4.14.5-r5
L GHSA-j5f8-grm9-p9fc	<4.14.5-r5
L GHSA-898c-q2cr-xwhg	<4.14.5-r5
L GHSA-pjwm-pj3p-43mv	<4.14.5-r5
L Allocation of Resources Without Limits or Throttling	<4.14.5-r5
L GHSA-q8qp-cvcw-x6jj	<4.14.5-r5
L Information Exposure	<4.14.5-r5
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<4.14.5-r5
L Unintended Proxy or Intermediary ('Confused Deputy')	<4.14.5-r5
H Information Exposure	<4.14.5-r5
L GHSA-3g43-6gmg-66jw	<4.14.5-r5
L GHSA-35jp-ww65-95wh	<4.14.5-r5
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<4.14.5-r5
L Server-Side Request Forgery (SSRF)	<4.14.5-r5
L GHSA-3w6x-2g7m-8v23	<4.14.5-r5
L Resource Exhaustion	<4.14.5-r5
L GHSA-777c-7fjr-54vf	<4.14.5-r5
L GHSA-9ppj-qmqm-q256	<4.14.5-r4
M Directory Traversal	<4.14.5-r4
L GHSA-ph9p-34f9-6g65	<4.14.5-r3
L CVE-2026-44974	<4.14.5-r3
L GHSA-36hh-x5p5-jgc8	<4.14.5-r3
H Directory Traversal	<4.14.5-r3
L GHSA-46wh-pxpv-q5gq	<4.14.5-r2
L Allocation of Resources Without Limits or Throttling	<4.14.5-r2
L Incorrect Authorization	<4.14.5-r2
L Directory Traversal	<4.14.5-r2
L GHSA-92pp-h63x-v22m	<4.14.5-r2
L CVE-2026-8723	<4.14.5-r1
L GHSA-q8mj-m7cp-5q26	<4.14.5-r1
L GHSA-wc8c-qw6v-h7f6	<4.14.5-r2
L GHSA-298w-vvm4-ww55	<4.14.5-r0
L GHSA-83g3-92jg-28cx	<4.14.5-r0
L GHSA-qffp-2rhf-9h96	<4.14.5-r0
H Directory Traversal	<4.14.5-r0
L GHSA-r6q2-hw4h-h46w	<4.14.5-r0
L GHSA-34x7-hfp2-rc4v	<4.14.5-r0
M Improper Handling of Unicode Encoding	<4.14.5-r0
M Directory Traversal	<4.14.5-r0
L GHSA-8qq5-rm4j-mr97	<4.14.5-r0
L Directory Traversal	<4.14.5-r0
M Directory Traversal	<4.14.5-r0
L GHSA-hm8q-7f3q-5f36	<4.14.4-r3
L GHSA-v39h-62p7-jpjc	<4.14.4-r3
H Use of Uninitialized Resource	<4.14.4-r3
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<4.14.4-r3
L Information Exposure Through Caching	<4.14.4-r3
L Arbitrary Code Injection	<4.14.4-r3
L Improper Validation of Specified Quantity in Input	<4.14.4-r3
M Arbitrary Code Injection	<4.14.4-r3
L CVE-2026-6322	<4.14.4-r3
L Resource Exhaustion	<4.14.4-r3
L GHSA-v2v4-37r5-5v8g	<4.14.4-r3
M Cross-site Scripting (XSS)	<4.14.4-r3
L GHSA-58qx-3vcg-4xpx	<4.14.4-r3
L GHSA-69xw-7hcm-h432	<4.14.4-r3
L GHSA-qjx8-664m-686j	<4.14.4-r3
L GHSA-9vqf-7f2p-gf9v	<4.14.4-r3
L GHSA-qp7p-654g-cw7p	<4.14.4-r3
L GHSA-p77w-8qqv-26rm	<4.14.4-r3
L GHSA-qj8w-gfj5-8c6v	<4.14.4-r2
H Resource Exhaustion	<4.14.4-r2
L GHSA-q3j6-qgpj-74h6	<4.14.4-r2
L CVE-2026-6321	<4.14.4-r2
H Out-of-bounds Write	<4.14.4-r2
L CVE-2026-5758	<4.14.4-r2
L Cross-site Scripting (XSS)	<4.14.4-r2
L GHSA-crv5-9vww-q3g8	<4.14.4-r2
L GHSA-h7mw-gpvr-xq4m	<4.14.4-r2
L GHSA-39q2-94rc-95cp	<4.14.4-r2
L GHSA-v9jr-rg53-9pgp	<4.14.4-r2
M Cross-site Scripting (XSS)	<4.14.4-r2
L GHSA-j452-xhg8-qg39	<4.14.4-r2
L GHSA-w5hq-g745-h8pq	<4.14.4-r2
L Cross-site Scripting (XSS)	<4.14.4-r2
L Permissive Whitelist	<4.14.5-r5
L GHSA-xx6v-rp6x-q39c	<4.14.5-r5
H Uncontrolled Recursion	<4.14.5-r5
L CRLF Injection	<4.14.5-r5
L Allocation of Resources Without Limits or Throttling	<4.14.5-r5
L GHSA-445q-vr5w-6q77	<4.14.5-r5
L HTTP Response Splitting	<4.14.5-r5
L GHSA-pmwg-cvhr-8vh7	<4.14.5-r5
M Improper Authentication	<4.14.5-r5
H Server-Side Request Forgery (SSRF)	<4.14.5-r5
C Permissive Whitelist	<4.14.5-r5
L GHSA-6chq-wfr3-2hj9	<4.14.5-r5
L GHSA-m7pr-hjqh-92cm	<4.14.5-r5
L GHSA-vf2m-468p-8v99	<4.14.5-r5
L GHSA-xhjh-pmcv-23jw	<4.14.5-r5
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<4.14.5-r5
L GHSA-w9j2-pvgh-6h63	<4.14.5-r5
L Improper Encoding or Escaping of Output	<4.14.5-r5
L GHSA-62hf-57xw-28j9	<4.14.5-r5
L Allocation of Resources Without Limits or Throttling	<4.14.5-r5
L GHSA-pf86-5x62-jrwf	<4.14.5-r5
L GHSA-5c9x-8gcm-mpgx	<4.14.5-r5

Vulnerability

Vulnerable Version

CVE-2026-54289

<4.14.5-r6