Security Advisory

CVE-2026-23925

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 08:24:15

Last updated 2026-03-09 20:54:45

Assigner Zabbix

State PUBLISHED

Description

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

← Browse all CVEs View on cve.org ↗