Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.6
Zabbix: Authenticated User Can Write Arbitrary Hosts
UBUNTU-CVE-2026-23925
Summary
An authenticated user with specific permissions can create or modify any host in Zabbix, potentially allowing unauthorized access to sensitive systems. This affects Zabbix server installations where users have been granted template or host write permissions. To mitigate this risk, ensure that users only have the necessary permissions to perform their tasks and consider restricting access to sensitive areas of the system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | zabbix | All versions | – |
| canonical | zabbix | All versions | – |
| canonical | zabbix | All versions | – |
| canonical | zabbix | All versions | – |
| canonical | zabbix | All versions | – |
| canonical | zabbix | All versions | – |
Original title
(An authenticated Zabbix user (User role) with template/host write perm ...)
Original description
(An authenticated Zabbix user (User role) with template/host write perm ...)
osv CVSS4.0
7.6
- https://ubuntu.com/security/CVE-2026-23925 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-23925 Third Party Advisory
- https://support.zabbix.com/browse/ZBX-27567 Third Party Advisory
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026