CVE-2026-23920

🗓️ 24 Mar 2026 18:27:52Reported by ZabbixType

CVE-2026-23920: Multiline regex with anchors bypasses input validation and allows command injection.

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2026-23920	24 Mar 202618:27	–	attackerkb
Circl	CVE-2026-23920	25 Mar 202614:35	–	circl
CNNVD	Zabbix 安全漏洞	24 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-23920 Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection	24 Mar 202618:27	–	cvelist
Debian CVE	CVE-2026-23920	24 Mar 202618:27	–	debiancve
EUVD	EUVD-2026-14952	24 Mar 202621:31	–	euvd
NVD	CVE-2026-23920	24 Mar 202619:16	–	nvd
OSV	DEBIAN-CVE-2026-23920	24 Mar 202619:16	–	osv
OSV	UBUNTU-CVE-2026-23920	24 Mar 202619:16	–	osv
Positive Technologies	PT-2026-27474	24 Mar 202600:00	–	ptsecurity

[
  {
    "vendor": "Zabbix",
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "modules": [
      "Server",
      "Proxy"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.21",
        "changes": [
          {
            "at": "7.0.22",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.14",
        "changes": [
          {
            "at": "7.2.15",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.5",
        "changes": [
          {
            "at": "7.4.6",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-27639

25 Mar 2026 15:41Current

5.8Medium risk

Vulners AI Score5.8

CVSS 47.7

EPSS0.00248

SSVC

CWE-78