Vulnerability Description
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
References
FAQ
What is CVE-2026-23925?
CVE-2026-23925 is a documented vulnerability. An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized...
How severe is CVE-2026-23925?
CVSS scoring is not yet available for CVE-2026-23925. Check NVD for updates.
Is there a patch for CVE-2026-23925?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.