{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/zabbix--7.0.24/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-23926"},{"id":"CVE-2026-23927"},{"id":"CVE-2026-23928"}],"_cs_exploited":false,"_cs_products":["Zabbix \u003c 6.0.45","Zabbix \u003c 7.0.24","Zabbix \u003c 7.4.8"],"_cs_severities":["medium"],"_cs_tags":["zabbix","xss","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Zabbix"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Zabbix, a popular open-source monitoring solution. These vulnerabilities, detailed in Zabbix security bulletins ZBX-27758, ZBX-27759, and ZBX-27760, can lead to a breach of data confidentiality and enable remote cross-site scripting (XSS) attacks. The affected versions include Zabbix 6.0.x prior to 6.0.45, Zabbix 7.0.x prior to 7.0.24, and Zabbix 7.4.x prior to 7.4.8. Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to sensitive information or execute malicious scripts within the context of a user\u0026rsquo;s browser. This poses a significant risk to organizations relying on Zabbix for their monitoring infrastructure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Zabbix instance running a version prior to 6.0.45, 7.0.24, or 7.4.8.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting an endpoint susceptible to XSS.\u003c/li\u003e\n\u003cli\u003eThe Zabbix server processes the malicious request without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe server reflects the malicious payload back to the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser executes the attacker-injected script.\u003c/li\u003e\n\u003cli\u003eThe injected script steals the user\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen session cookies to authenticate to the Zabbix web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive monitoring data or performs administrative actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to unauthorized access to sensitive monitoring data, potentially exposing critical infrastructure details, credentials, and network configurations. The XSS vulnerability can also be leveraged to perform actions on behalf of legitimate users, leading to further compromise of the Zabbix system and potentially impacting the wider network. Given the widespread use of Zabbix in IT infrastructure monitoring, a successful attack could have significant repercussions for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Zabbix instances to versions 6.0.45, 7.0.24, 7.4.8 or later to patch the vulnerabilities described in Zabbix security bulletins ZBX-27758, ZBX-27759, and ZBX-27760.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Zabbix HTTP URI\u0026rdquo; to identify potential exploitation attempts targeting vulnerable Zabbix instances.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity and patterns indicative of XSS attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T00:00:00Z","date_published":"2026-05-06T00:00:00Z","id":"/briefs/2026-05-zabbix-vulns/","summary":"Multiple vulnerabilities in Zabbix versions 6.0.x before 6.0.45, 7.0.x before 7.0.24, and 7.4.x before 7.4.8 allow for data confidentiality breaches and remote cross-site scripting (XSS) attacks.","title":"Multiple Vulnerabilities in Zabbix","url":"https://feed.craftedsignal.io/briefs/2026-05-zabbix-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Zabbix \u003c 7.0.24","version":"https://jsonfeed.org/version/1.1"}