CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.zabbix.com/browse/ZBX-27567	Issue Tracking Vendor Advisory Mitigation

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::

History

05 Jun 2026, 17:05

Type	Values Removed	Values Added
First Time		Zabbix Zabbix zabbix
References	~~() https://support.zabbix.com/browse/ZBX-27567 -~~	() https://support.zabbix.com/browse/ZBX-27567 - Issue Tracking, Vendor Advisory, Mitigation
CPE		cpe:2.3:a:zabbix:zabbix::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
Summary		(es) Un usuario autenticado de Zabbix (rol de usuario) con permisos de escritura de plantillas/hosts puede crear objetos a través de la API configuration.import. Esto puede llevar a una pérdida de confidencialidad al crear hosts no autorizados. Tenga en cuenta que el rol de usuario normalmente no es suficiente para crear y editar plantillas/hosts, incluso con permisos de escritura.

06 Mar 2026, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 09:15

Updated : 2026-06-05 17:05

NVD link : CVE-2026-23925

Mitre link : CVE-2026-23925

CVE.ORG link : CVE-2026-23925

JSON object : View

Products Affected

zabbix

zabbix

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2026-23925", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@zabbix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T09:15:56.100", "references": [{"url": "https://support.zabbix.com/browse/ZBX-27567", "tags": ["Issue Tracking", "Vendor Advisory", "Mitigation"], "source": "security@zabbix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zabbix.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions."}, {"lang": "es", "value": "Un usuario autenticado de Zabbix (rol de usuario) con permisos de escritura de plantillas/hosts puede crear objetos a trav\u00e9s de la API configuration.import. Esto puede llevar a una p\u00e9rdida de confidencialidad al crear hosts no autorizados. Tenga en cuenta que el rol de usuario normalmente no es suficiente para crear y editar plantillas/hosts, incluso con permisos de escritura."}], "lastModified": "2026-06-05T17:05:16.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB51CE02-E39D-402B-A2A4-ABDC678D44F6", "versionEndExcluding": "6.0.41", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4CE82D-66AF-4C88-925B-1B5CF1D0F174", "versionEndExcluding": "7.0.18", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02FECC41-6BFA-43DB-8BC0-0317085195AC", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zabbix.com"}