CVE-2026-23927

🗓️ 06 May 2026 06:59:42Reported by ZabbixType

CVE-2026-23927: Oracle plugin injects TNS strings via service parameter, risking credential leakage.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-23927	6 May 202606:59	–	attackerkb
Circl	CVE-2026-23927	6 May 202610:36	–	circl
CNNVD	Zabbix 安全漏洞	6 May 202600:00	–	cnnvd
Cvelist	CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter	6 May 202606:59	–	cvelist
Debian CVE	CVE-2026-23927	6 May 202606:59	–	debiancve
EUVD	EUVD-2026-27528	6 May 202606:59	–	euvd
NVD	CVE-2026-23927	6 May 202608:16	–	nvd
OSV	DEBIAN-CVE-2026-23927	6 May 202608:16	–	osv
OSV	UBUNTU-CVE-2026-23927	6 May 202608:16	–	osv
Positive Technologies	PT-2026-37345	6 May 202600:00	–	ptsecurity

[
  {
    "vendor": "Zabbix",
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "modules": [
      "Agent2"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.44",
        "changes": [
          {
            "at": "6.0.45",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.23",
        "changes": [
          {
            "at": "7.0.24",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.7",
        "changes": [
          {
            "at": "7.4.8",
            "status": "unaffected"
          }
        ],
        "versionType": "git"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-27759

17 Jun 2026 10:22Current

5.8Medium risk

Vulners AI Score5.8

CVSS 45

EPSS0.00229

SSVC

CWE-522