CVE-2026-23927

Vulnerability Description

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

Related Weaknesses (CWE)

CWE-522

References

https://support.zabbix.com/browse/ZBX-27759

FAQ

What is CVE-2026-23927?

CVE-2026-23927 is a documented vulnerability. A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle databa...

How severe is CVE-2026-23927?

CVSS scoring is not yet available for CVE-2026-23927. Check NVD for updates.

Is there a patch for CVE-2026-23927?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.