Zabbix · Zabbix · CVE-2021-46088
**Name of the Vulnerable Software and Affected Versions**
Zabbix versions 4.0 LTS through 5.0 LTS
**Description**
The issue allows Remote Code Execution (RCE) because of authorization errors. Any user with the `Zabbix Admin` role can run custom shell scripts on the application server in the context of the application user. This could allow an attacker to execute arbitrary code with root privileges.
**Recommendations**
For Zabbix versions 4.0 LTS, 4.2, 4.4, and 5.0 LTS, consider restricting the `Zabbix Admin` role to minimize the risk of exploitation until a patch is available.
As a temporary workaround, consider disabling custom shell script execution on the application server until a fix is released.
Restrict access to the application server to minimize the risk of exploitation.