CVE-2026-23926

Published: May 6, 2026

Modified: May 7, 2026

PUBLISHED

Description

An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.

Vendor	Product	Versions
Zabbix	Zabbix	affected `7.0.0 - <= 7.0.23` affected `7.4.0 - <= 7.4.7`

Weaknesses (CWE)

CWE-79

References

https://support.zabbix.com/browse/ZBX-27758

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23926

Description

Affected Products

Weaknesses (CWE)

References