High severity8.1NVD Advisory· Published Mar 6, 2026· Updated Jun 5, 2026
CVE-2026-23925
CVE-2026-23925
Description
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- support.zabbix.com/browse/ZBX-27567nvdIssue TrackingVendor AdvisoryMitigation
News mentions
0No linked articles in our index yet.