CVE-2026-23920

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The regular expression used for validating host and event action script input allows bypass of the validation check when multiline mode is enabled. Specifically, the use of anchors (^ and $) in administrator-defined input validation can be circumvented by injecting a newline character. This allows authenticated users to inject and execute shell commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.