{
  "title": "CVE of the day — CVE-2026-56699 (CVSS 10.0, critical)",
  "title_variants": [
    {
      "id": "v0",
      "title": "CVE of the day — CVE-2026-56699 (CVSS 10.0, critical)"
    },
    {
      "id": "v1",
      "title": "CVSS 10.0"
    },
    {
      "id": "v2",
      "title": "CVE-2026-56699: critical vulnerability, CVSS 10,0/10, type injection, exploitable remotely,"
    }
  ],
  "description": "CVE-2026-56699: critical vulnerability, CVSS 10,0/10, type injection, exploitable remotely, without privileges, without user interaction. Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue. index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary..",
  "keywords": [
    "c",
    "cve-2026-56699",
    "vulnerability",
    "critical vulnerability",
    "cwe-74",
    "cvs",
    "cybersecurity",
    "cybersecurity",
    "♪",
    "security update"
  ],
  "scenes": [
    {
      "title": "CVE-2026- 566",
      "subtitle": "CVSS 10.0",
      "text": "CVE-2026-56699: Critical gravity, CVSS score 10,0 out of 10 according to the National Vulnerability Database."
    },
    {
      "title": "Injection",
      "subtitle": "· injection CVSS v3.1",
      "text": "Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue. index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index.."
    },
    {
      "title": "EXPOSURE AND MITIGATION",
      "subtitle": "remotely exploitable, without privileges, without user interaction",
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ],
  "publication_date": "2026-07-17T00:14:06.216Z",
  "duration": 20,
  "topic": "cve",
  "lang": "en",
  "translation_group": "cve-2026-07-17",
  "poster": "cve-2026-07-17-en.jpg",
  "preview": "cve-2026-07-17-en.gif",
  "og_card": "cve-2026-07-17-en.og.jpg",
  "audiogram": "cve-2026-07-17-en.audiogram.mp4",
  "captions": "cve-2026-07-17-en.vtt",
  "generation": {
    "procedural": true,
    "ai_generated": [
      "background",
      "voice"
    ],
    "real_data_source": "official public API",
    "filmed_real_event": false,
    "disclosure": "Procedurally generated from real public-source data; abstract AI-generated backgrounds; synthetic (TTS) voice. No real event is filmed or altered."
  },
  "transcript_text": "CVE-2026-56699: Critical gravity, CVSS score 10,0 out of 10 according to the National Vulnerability Database. Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue. index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index.. Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD.",
  "transcript": [
    {
      "start": 0,
      "end": 6.667,
      "text": "CVE-2026-56699: Critical gravity, CVSS score 10,0 out of 10 according to the National Vulnerability Database."
    },
    {
      "start": 6.667,
      "end": 13.333,
      "text": "Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue. index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index.."
    },
    {
      "start": 13.333,
      "end": 20,
      "text": "Remotely exploitable Vulnerability, without privileges, without user interaction. Apply the update of the supplier promptly and consult the official notice on NVD."
    }
  ]
}