Improper Input Validation

zabbix is vulnerable to Improper Input Validation. The vulnerability is due to improper regex validation running in multiline mode, which allows an authenticated attacker to bypass ^ and $ anchor checks using injected newline characters and execute shell command injection...

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...