PT-2026-27475 · Zabbix

Janis Nulle (+1) · Published 2026-03-24 · Updated 2026-04-17 · CVE-2026-23921

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.4.6
Description: A Zabbix user with API access can exploit a blind SQL injection in the CApiService.php file. The issue resides in the sortfield parameter, allowing an attacker to execute arbitrary SQL SELECT statements. While query results are not returned directly, data can be exfiltrated using time-based techniques. This could lead to the disclosure of session identifiers and the compromise of administrator accounts. The vulnerable component is located at the API endpoint include/classes/api/CApiService.php. The vulnerable parameter is sortfield.
Recommendations: Update to Zabbix version 7.4.6 or later.
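As an added, hypothetical illustration (not Zabbix's own code from CApiService.php): the defensive pattern for a sortfield parameter is to accept only allowlisted column names and never splice the raw value into an ORDER BY clause, and the same check can be run over recorded API calls to flag sort values that are not legitimate columns. The allowlist, method name and sample requests below are constructed for the example.

```python
# Hypothetical allowlist: the columns one API method may sort by.
# Constructed for this example; Zabbix keeps its own per-method lists.
ALLOWED_SORT_FIELDS = {"hostid", "host", "name", "status"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}


def build_order_by(sortfield, sortorder="ASC"):
    """Return an ORDER BY clause built only from allowlisted identifiers.

    sortfield/sortorder may be a string or a list of strings, mirroring the
    shape of Zabbix API sort parameters. Anything outside the allowlists
    raises ValueError, so user input never reaches the SQL text verbatim.
    """
    fields = [sortfield] if isinstance(sortfield, str) else list(sortfield)
    orders = [sortorder] if isinstance(sortorder, str) else list(sortorder)
    if len(orders) == 1 and len(fields) > 1:
        orders = orders * len(fields)  # one order applies to every field
    if len(orders) != len(fields):
        raise ValueError("sortorder count must match sortfield count")
    parts = []
    for field, order in zip(fields, orders):
        if field not in ALLOWED_SORT_FIELDS:
            raise ValueError(f"invalid sortfield: {field!r}")
        order = order.upper()
        if order not in ALLOWED_SORT_ORDERS:
            raise ValueError(f"invalid sortorder: {order!r}")
        parts.append(f"{field} {order}")
    return "ORDER BY " + ", ".join(parts)


def audit_sortfields(requests):
    """Flag recorded API calls whose sortfield is not a permitted column.

    `requests` is an iterable of (user, method, sortfield) tuples, as an
    API-proxy hook or log review could produce. Returns the offending tuples.
    """
    flagged = []
    for user, method, sortfield in requests:
        try:
            build_order_by(sortfield)
        except ValueError:
            flagged.append((user, method, sortfield))
    return flagged


# Constructed sample of API calls (not real Zabbix audit records).
SAMPLE_REQUESTS = [
    ("admin", "host.get", "name"),
    ("reporter", "host.get", ["host", "status"]),
    ("reporter", "host.get", "sessionid"),  # column not exposed for sorting
]
```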

Fix

Weakness Enumeration: SQL injection
Related Identifiers: CVE-2026-23921
Affected Products: Red Os, Zabbix