Security Advisory

CVE-2026-23920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-24 18:27:52

Last updated 2026-03-26 03:55:29

Assigner Zabbix

State PUBLISHED

Description

Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.

← Browse all CVEs View on cve.org ↗