VYPR
High severity8.1NVD Advisory· Published Mar 6, 2026· Updated Jun 5, 2026

CVE-2026-23925

CVE-2026-23925

Description

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Zabbix/Zabbix3 versions
    cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: >=6.0.0,<6.0.41
    • (no CPE)
    • (no CPE)range: 6.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.