Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 25, 2026

Agent 2 Docker plugin arbitrary file read via Docker API injection

CVE-2026-23924

Description

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API.

Affected products

Zabbix/Zabbixv5
Range: 6.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zabbix.com/browse/ZBX-27642mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000