Information Disclosure

Zabbix is vulnerable to an information disclosure. The vulnerability is due to the reuse of JavaScript Duktape contexts in Zabbix Server/Proxy, which allows a regular non-super administrator to leak sensitive data from hosts they are not authorized to access through shared global JavaScript...

SUSE CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

DEBIAN-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

UBUNTU-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-23919

CVE-2026-23919 affects Zabbix Server/Proxy where JavaScript (Duktape) contexts are reused for performance, potentially causing confidentiality leakage by non-super administrators who can access hosts they shouldn’t. The issue stems from shared execution contexts used by script items, JavaScript r...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2583)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'...

The vulnerability of the Go programming language, related to errors in processing whitespace characters within JavaScript contexts, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Go programming language is related to errors in the handling of whitespace characters in JavaScript contexts. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of protected information...

PT-2023-3321 · Alt Linux +9 · Alt Linux +9

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue is related to the handling of whitespace characters in JavaScript contexts. Not all valid JavaScript whitespace characters are...