Changeflow GovPing Data Privacy & Cybersecurity Zabbix Vulnerabilities Allow Remote Denial of S...
Priority review Notice Added Final

Zabbix Vulnerabilities Allow Remote Denial of Service

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 27th, 2026
Detected March 27th, 2026
Email

Summary

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Zabbix versions prior to 7.0.22 with the latest security patch. These vulnerabilities could allow remote denial of service and security policy bypass. Users are advised to consult the Zabbix security bulletin for patch information.

View original document View source feed page

What changed

CERT-FR has released an advisory (CERTFR-2026-AVI-0367) detailing multiple vulnerabilities in Zabbix software, specifically affecting versions prior to 7.0.22 that have not applied the latest security patch. The identified vulnerabilities include the potential for remote denial of service, security policy bypass, and other unspecified security issues.

Organizations utilizing Zabbix monitoring systems should immediately consult the Zabbix security bulletin (ZBX-27458) and apply the necessary security patches to mitigate these risks. Failure to do so could result in system compromise, service disruption, and potential data breaches. The advisory references CVE-2025-61727, CVE-2025-61729, and CVE-2025-66578.

What to do next

  1. Apply the latest security patches to Zabbix versions as detailed in Zabbix security bulletin ZBX-27458.
  2. Review Zabbix security configurations for any signs of compromise.
  3. Consult CVE details for specific vulnerability information.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 27 mars 2026 N° CERTFR-2026-AVI-0367 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Zabbix

Gestion du document

| Référence | CERTFR-2026-AVI-0367 |
| Titre | Multiples vulnérabilités dans Zabbix |
| Date de la première version | 27 mars 2026 |
| Date de la dernière version | 27 mars 2026 |
| Source(s) | Bulletin de sécurité Zabbix ZBX-27458 du 27 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Contournement de la politique de sécurité
  • Déni de service à distance
  • Non spécifié par l'éditeur

Systèmes affectés

  • Zabbix versions 7.0.22 sans le dernier correctif de sécurité

Résumé

De multiples vulnérabilités ont été découvertes dans Zabbix. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 27 mars 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Symantec DLP Privilege Escalation Vulnerability
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Elastic OpenTelemetry Java Remote Code Execution Vulnerability
Urgent Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Papercut Vulnerabilities Expose Data Confidentiality, Enable Remote XSS
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for changeflow.com Cyber vulnerability assessment and remedy identification patent
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Business Methods (G06Q) Banking & Finance
Favicon for wid.cert-bund.de IBM App Connect Enterprise Multiple DoS Vulnerabilities
Priority review Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Kyocera Printer Critical Vulnerabilities CVSS 9.8 Remote Attack
Urgent Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 27th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0367

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology 5182 Data Processing & Hosting
Activity scope
System Monitoring IT Security
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Product Security IT Operations

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 285 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.