wid-sec-w-2026-0629
·
Published 2026-03-05
·
View on BSI CERT-Bund ↗
Zabbix: Vulnerability allows bypassing of security measures
CVSS 5.1
MEDIUM
Risk Summary
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
CVEs (1)
Affected Vendors
Fedora
Zabbix
Affected Products (6)
Zabbix · Zabbix <6.0.41
Zabbix · Zabbix 6.0.41
Zabbix · Zabbix <7.0.18
Zabbix · Zabbix 7.0.18
Zabbix · Zabbix <7.4.2
Zabbix · Zabbix 7.4.2