Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 25, 2026

Unauthenticated arbitrary PHP class instantiation

CVE-2026-23923

Description

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time.

Affected products

Zabbix/Zabbixv5
Range: 7.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zabbix.com/browse/ZBX-27641mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000