Skip to main content

Zabbix Agent 2 CVE-2026-23927

| EUVDEUVD-2026-27528 MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-05-06 Zabbix GHSA-r8x9-p5v6-vx46
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 06, 2026 - 10:00 vuln.today
CVSS changed
May 06, 2026 - 08:22 NVD
5.1 (MEDIUM)

DescriptionCVE.org

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

AnalysisAI

Zabbix Agent 2 allows remote attackers with high privileges to inject malicious Oracle TNS connection strings via the 'service' parameter, enabling credential theft from saved database sessions. The vulnerability requires network access and high-level privileges but can lead to disclosure of Oracle database credentials if they are stored in named sessions. CVSS 5.1 reflects the requirement for authenticated attacker access (PR:H), though the impact to stored credentials is significant.

Technical ContextAI

Zabbix Agent 2 implements Oracle database monitoring capabilities that accept TNS connection parameters. The 'service' parameter in connection requests fails to properly validate or sanitize user input before constructing TNS connection strings, violating CWE-522 (Insufficiently Protected Credentials). This allows an attacker to redirect database connections to attacker-controlled servers, intercepting authentication attempts and harvesting credentials. The vulnerability affects CPE cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* across multiple major versions.

RemediationAI

Apply vendor patches immediately: upgrade to Zabbix 6.0.45 or later for 6.x branch, Zabbix 7.0.24 or later for 7.0.x branch, or Zabbix 7.4.8 or later for 7.4.x branch (exact patch versions to be confirmed via https://support.zabbix.com/browse/ZBX-27759). As a compensating control pending patching, remove or disable Oracle database credentials from Zabbix named sessions and instead configure Oracle monitoring with separate, time-limited service accounts that do not store plaintext credentials. Additionally, restrict network access to Agent 2 interfaces using firewall rules to limit which internal systems can submit connection parameters, reducing the attack surface for high-privilege attackers. Monitor Agent 2 logs for unusual TNS connection attempts or redirects to unexpected servers.

Share

CVE-2026-23927 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy