CVE-2026-23925

MEDIUM

Zabbix - Privilege Escalation

Title source: llm

Description

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

Scores

CVSS v4 5.1
EPSS 0.0001
EPSS Percentile 2.4%
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026