CVE-2026-23925 · EPSS p16.7%

zabbix / zabbix

Description

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

Scoring

CVSS: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.26% probability of exploitation · percentile 16.7% · 2026-06-19T12:03:05Z
Last modified: 2026-06-05

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Zabbix Frontend Improper Access Control Vulnerability
CVE: CVE-2026-2041
CVE: CVE-2026-23595
CVE: Zabbix Frontend Authentication Bypass Vulnerability
CVE: CVE-2026-10855
CVE: CVE-2026-29202
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.