The host is installed with Wazuh 3.6.1 through 3.13.5, 4.0.0 through 4.2.7 or 4.3.0 through 4.3.7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in the Active Response endpoint. Successful exploitation could allow authenticated attackers with RBAC permissions active-response:command might execute a program outside the Active Response binary folder (/var/ossec/active-response/bin).