Question 1

What is CVE-2022-40626 — CVE-2022-40626?

Accepted Answer

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

Question 2

What is the authoritative source for CVE-2022-40626?

Accepted Answer

CVE-2022-40626 (CVE-2022-40626) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	4.8 ()
Vector	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
EPSS	0.65% probability of exploitation · percentile 46.2% · 2026-06-18T12:00:27Z
Last modified	2026-06-17

CVE-2022-40626CVE-2022-40626

Description

Scoring