3 matches found
Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.18 / 7.4.x < 7.4.2 Unauthorized Object Creation (ZBX-27567)
The version of Zabbix installed on the remote host is affected by an authorization bypass vulnerability. An authenticated low-privilege user User role possessing template and host write permissions can exploit the configuration.import API to create unauthorized objects, despite the User role...
Linux Distros Unpatched Vulnerability : CVE-2026-23925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to...
CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions
An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...