Zabbix Vulnerabilities Allow Remote Attacks

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 24th, 2026
Detected March 25th, 2026

Summary

CERT-Bund has issued a security advisory for Zabbix, detailing multiple vulnerabilities with a CVSS base score of 8.8. These vulnerabilities affect various Zabbix versions and allow remote attackers to disclose information, inject shell commands, perform SQL injection, and cause denial of service.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0857) concerning multiple vulnerabilities in Zabbix, a popular open-source network monitoring system. The flaws are collectively rated with a high CVSS base score of 8.8 and can be exploited by an attacker from an adjacent network. Successful exploitation could lead to information disclosure, shell command injection, SQL injection, and denial of service. Affected are Zabbix versions prior to 7.4.3, 7.0.19, 7.2.13, 6.0.41, and several other specific patch levels across these major releases.

Organizations utilizing Zabbix should immediately review their deployed versions against the advisory's list of affected products. Mitigation strategies are available, and it is strongly recommended to update to the patched versions as soon as possible to prevent exploitation. Failure to address these vulnerabilities could result in significant security breaches, including unauthorized system access and data compromise. The advisory indicates that remote attacks are possible, emphasizing the urgency of patching.

What to do next

  1. Review Zabbix versions against advisory WID-SEC-2026-0857
  2. Apply available patches or update to non-vulnerable Zabbix versions
  3. Implement network segmentation and access controls for Zabbix instances
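Step 1 can be automated across an inventory. The following is an added example, not tooling from CERT-Bund or the Zabbix project: it compares installed versions with the "<X" entries from the advisory's product list reproduced further down this page. The function names and the sample inventory are constructed, and the per-branch matching rule is an assumption, since the advisory does not say which entry belongs to which vulnerability.

```python
import re

# "<X" entries copied from the product list of WID-SEC-2026-0857 on this page.
ADVISORY_ENTRIES = ["7.4.3", "7.0.19", "7.2.13", "6.0.41", "7.0.22",
                    "7.2.15", "7.4.6", "7.4.7", "7.0.23", "6.0.44"]

def parse_version(text):
    """Return (major, minor, patch) from a bare version or a version banner."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())

def assess(installed):
    """Compare one installed version with the advisory entries of its branch.

    Assumption (not stated by the advisory): an entry "<7.0.22" concerns only
    the 7.0 branch, so versions are compared within the same major.minor.
    """
    version = parse_version(installed)
    branch = [parse_version(e) for e in ADVISORY_ENTRIES
              if parse_version(e)[:2] == version[:2]]
    if not branch:
        # Absence from the list is not evidence of safety; flag for manual review.
        return "branch-not-listed", []
    # Tuple comparison is numeric, so 7.0.9 sorts below 7.0.19.
    below = sorted(limit for limit in branch if version < limit)
    hits = ["<" + ".".join(map(str, limit)) for limit in below]
    return ("affected" if hits else "clear"), hits

if __name__ == "__main__":
    # Constructed inventory: host name -> version string as collected.
    inventory = {
        "mon-a": "zabbix_server (Zabbix) 7.0.20",
        "mon-b": "7.4.7",
        "mon-c": "6.0.9",
        "mon-d": "6.4.21",
    }
    for host, banner in inventory.items():
        status, hits = assess(banner)
        print(f"{host}: {status} {', '.join(hits)}")
```

A host reported as `branch-not-listed` runs a release line the advisory does not name, so it needs a manual check against the vendor's own notices rather than being treated as unaffected.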

Source document (simplified)

[WID-SEC-2026-0857] Zabbix: Multiple vulnerabilities

  • CVSS Base Score: 8.8 (high)
  • CVSS Temporal Score: 7.7 (high)
  • Remote attack: yes
  • Date: 24.03.2026
  • Last updated: 25.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX

Product description

Zabbix is an open-source network monitoring system.

Products

24.03.2026

  • Zabbix Zabbix <7.4.3
  • Zabbix Zabbix <7.0.19
  • Zabbix Zabbix <7.2.13
  • Zabbix Zabbix <6.0.41
  • Zabbix Zabbix <7.0.22
  • Zabbix Zabbix <7.2.15
  • Zabbix Zabbix <7.4.6
  • Zabbix Zabbix <7.4.7
  • Zabbix Zabbix <7.0.23
  • Zabbix Zabbix <6.0.44

Attack

An attacker from an adjacent network can exploit multiple vulnerabilities in Zabbix to disclose information, inject shell commands, perform an SQL injection, and cause a denial of service.

Named provisions

Affected systems, Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 24th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0857

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Network Monitoring
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Network Monitoring Vulnerability Management
