CVE-2026-23925
Unauthorized host creation via configuration.import API by low-privilege user with write permissions
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
| CWE | CWE-863 |
| Vendor | zabbix |
| Product | zabbix |
| Published | Mar 6, 2026 |
| Last Updated | Mar 9, 2026 |
Affected Versions
Zabbix / Zabbix
6.0.0 ≤ 6.0.40
7.0.0 ≤ 7.0.17
7.4.0 ≤ 7.4.1