Zabbix 7.4.x < 7.4.7 Arbitrary PHP Class Instantiation (ZBX-27641)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time. Note that Nessus...

SUSE CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

EUVD-2026-14956

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

A flaw was found in Zabbix. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. This could lead to a limited impact on the availability of the system, depending on the environment setup. Mitigation Mitigation for this issue is eithe...

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

CVE-2026-23923 : An unauthenticated attacker can abuse the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. Impact depends on environment, but appears limited; CVSS 4.0 base vector lists MEDIUM severity (6.9). No concrete exploitation details or affected product/vendor are...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

PT-2026-27476

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can exploit the 'validate' action in the Frontend to blindly instantiate arbitrary PHP classes. The impact of this issue depends on t...