216.73.217.80

CVE-2026-23919

· Published 24/03/2026 19:16 · Modified 25/03/2026 15:41

Labels: CVE-2026-23919 2026-03-24CVE-2026-23919CWE-488[email protected]

Essential information

Published
24/03/2026 19:16
Modified
25/03/2026 15:41
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data for hosts they do not have access to. A fix has been released that makes the built in Zabbix JavaScript objects read-only, but please be advised that usage of global JavaScript variables is not recommended because their content could be leaked. More information <a href='https://www.zabbix.com/documentation/7.4/en/manual/installation/known_issues#preprocessing-global-variables-are-unsafe'>in Zabbix documentation</a>.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zabbix / zabbix cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*

References