Zabbix
Zabbix is an open-source monitoring platform for networks, servers, virtual machines, and cloud services. It collects metrics via SNMP, IPMI, JMX, and custom agents, then stores the data in a relational database and provides alerting, visualization, and reporting through a web-based frontend.
Products (3)
- 118 CVEs
- 10 CVEs
- 1 CVE
Recent CVEs
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10134 | Critical | 0.73 | 9.8 | 0.83 | | Feb 17, 2017 | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. |
| CVE-2014-3005 | Critical | 0.64 | 9.8 | 0.05 | | Feb 1, 2018 | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. |
| CVE-2016-4338 | High | 0.57 | 8.1 | 0.21 | | Jan 23, 2017 | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via… |
| CVE-2017-2824 | High | 0.55 | 8.1 | 0.26 | | May 24, 2017 | An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to… |
| CVE-2026-23925 | High | 0.53 | 8.1 | 0.00 | | Mar 6, 2026 | An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit… |
| CVE-2026-23928 | High | 0.47 | — | 0.00 | | May 6, 2026 | The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The… |
| CVE-2026-23926 | High | 0.47 | — | 0.00 | | May 6, 2026 | An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user who opens the tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on… |
| CVE-2025-27234 | High | 0.47 | — | 0.00 | | Sep 12, 2025 | The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution. |
| CVE-2025-49642 | Medium | 0.38 | — | 0.00 | | Dec 1, 2025 | Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory. |
| CVE-2025-27233 | Medium | 0.37 | — | 0.00 | | Sep 12, 2025 | The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system. |
| CVE-2026-23927 | Medium | 0.33 | — | 0.00 | | May 6, 2026 | A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session. |
| CVE-2022-23131 | | 0.20 | — | 0.96 | KEV | Jan 13, 2022 | On instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and… |
| CVE-2022-23134 | | 0.19 | — | 0.85 | KEV | Jan 13, 2022 | After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of the Zabbix Frontend. |
| CVE-2013-3628 | | 0.10 | — | 0.67 | | Feb 7, 2020 | Zabbix 2.0.9 has an arbitrary command execution vulnerability. |
| CVE-2013-5743 | | 0.09 | — | 0.80 | | Dec 11, 2019 | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. |
| CVE-2024-22120 | | 0.07 | — | 0.77 | | May 17, 2024 | Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection. |
| CVE-2019-17382 | | 0.07 | — | 0.54 | | Oct 9, 2019 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All… |
| CVE-2009-4498 | | 0.06 | — | 0.32 | | Dec 31, 2009 | The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. |
| CVE-2009-4502 | | 0.05 | — | 0.22 | | Dec 31, 2009 | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack… |
| CVE-2020-11800 | | 0.04 | — | 0.09 | | Oct 7, 2020 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. |