EUVD-2026-14952

🗓️ 24 Mar 2026 21:31:23Reported by EUVDType

Regex validation runs in multiline mode; newlines bypass ^ and $, enabling users to inject commands.

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2026-23920	24 Mar 202618:27	–	attackerkb
Circl	CVE-2026-23920	25 Mar 202614:35	–	circl
CNNVD	Zabbix 安全漏洞	24 Mar 202600:00	–	cnnvd
CVE	CVE-2026-23920	24 Mar 202618:27	–	cve
Cvelist	CVE-2026-23920 Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection	24 Mar 202618:27	–	cvelist
Debian CVE	CVE-2026-23920	24 Mar 202618:27	–	debiancve
NVD	CVE-2026-23920	24 Mar 202619:16	–	nvd
OSV	DEBIAN-CVE-2026-23920	24 Mar 202619:16	–	osv
OSV	UBUNTU-CVE-2026-23920	24 Mar 202619:16	–	osv
Positive Technologies	PT-2026-27474	24 Mar 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "5f69162c-97f9-356b-8eb2-cf6e22b1b409",
        "vendor": {
          "name": "Zabbix"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7a928c86-8347-37fe-a406-ea73df9b1174",
        "product": {
          "name": "Zabbix"
        },
        "product_version": "7.4.0 ≤7.4.5"
      },
      {
        "id": "ccf2665b-a5a7-38ed-b151-0a1b6c35a851",
        "product": {
          "name": "Zabbix"
        },
        "product_version": "7.0.0 ≤7.0.21"
      },
      {
        "id": "d5098e5d-095b-35a5-af65-b95a4469d493",
        "product": {
          "name": "Zabbix"
        },
        "product_version": "7.2.0 ≤7.2.14"
      }
    ]
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-27639
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-23920

24 Mar 2026 21:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 47.7

EPSS0.0007