CVE-2026-23925

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description A Zabbix user with the 'User' role and template/host write permissions can create objects using the configuration.import API. This can result in unauthorized hosts being created, leading to potential confidentiality loss. The 'User' role typically does not have sufficient privileges to create or modify templates and hosts, even with write permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.