CVE-2026-23925 in Zabbixالمعلومات

الملخص

بحسب MITRE • 06/03/2026

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Zabbix

حجز

19/01/2026

إفشاء

06/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-349432

CPE

جاهز

CWE

CWE-863 (مؤكد)

CVSS

6.3 (VulDB)

EPSS

0.00016

KEV

لا

النشاطات

منخفض جدًا

القطاع

Finance, Industry, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23925
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23925
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23925/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!