CVE-2026-23925

EUVD-2026-10026
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ZabbixCNA
5.1 MEDIUM
NETWORK
LOW
LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
zabbixzabbix
6.0.0 ≤
𝑥
≤ 6.0.40
CNA
zabbixzabbix
7.0.0 ≤
𝑥
≤ 7.0.17
CNA
zabbixzabbix
7.4.0 ≤
𝑥
≤ 7.4.1
CNA
Common Weakness Enumeration
References
https://support.zabbix.com/browse/ZBX-27567