2 matches found
CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions
An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...
CVE-2026-23925
The CVE-2026-23925 issue affects Zabbix where an authenticated User with template/host write perms can misuse configuration.import to create unauthorized objects, leading to confidentiality loss (e.g., unauthorized hosts). Public sources corroborate an authorization bypass in Zabbix frontend/API ...