UBUNTU-CVE-2026-23925
- Source
- https://ubuntu.com/security/CVE-2026-23925
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23925.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-23925
- Upstream
- Published
- 2026-03-06T09:15:00Z
- Modified
- 2026-06-08T09:45:07.937112942Z
- Severity
-
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L CVSS Calculator
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.
- References
Affected packages
Ubuntu:25.10
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-agent2",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-sender",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-web-service",
"binary_version": "1:7.0.10+dfsg-2build1"
}
]
}Ubuntu:Pro:14.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.0.6+dfsg-1ubuntu2
1:2.2.0+dfsg-1ubuntu1
1:2.2.0+dfsg-6ubuntu1
1:2.2.1+dfsg-1ubuntu3
1:2.2.2+dfsg-1ubuntu1
1:2.2.2+dfsg-1ubuntu1+esm1
1:2.2.2+dfsg-1ubuntu1+esm3
1:2.2.2+dfsg-1ubuntu1+esm4
1:2.2.2+dfsg-1ubuntu1+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
}
]
}Ubuntu:Pro:16.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.4.6+dfsg-1
1:2.4.7+dfsg-1
1:2.4.7+dfsg-2
1:2.4.7+dfsg-2ubuntu2
1:2.4.7+dfsg-2ubuntu2.1
1:2.4.7+dfsg-2ubuntu2.1+esm1
1:2.4.7+dfsg-2ubuntu2.1+esm2
1:2.4.7+dfsg-2ubuntu2.1+esm3
1:2.4.7+dfsg-2ubuntu2.1+esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
}
]
}Ubuntu:Pro:18.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:3.*
1:3.0.7+dfsg-3
1:3.0.12+dfsg-1
1:3.0.12+dfsg-1ubuntu0.1~esm1
1:3.0.12+dfsg-1ubuntu0.1~esm2
1:3.0.12+dfsg-1ubuntu0.1~esm3
1:3.0.12+dfsg-1ubuntu0.1~esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
}
]
}Ubuntu:Pro:20.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:4.*
1:4.0.4+dfsg-1build2
1:4.0.4+dfsg-1build3
1:4.0.11+dfsg-1
1:4.0.14+dfsg-1
1:4.0.15+dfsg-1
1:4.0.16+dfsg-1
1:4.0.16+dfsg-1build1
1:4.0.17+dfsg-1
1:4.0.17+dfsg-1ubuntu0.1~esm1
1:4.0.17+dfsg-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:22.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:5.*
1:5.0.8+dfsg-1build1
1:5.0.14+dfsg-1
1:5.0.17+dfsg-1
1:5.0.17+dfsg-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
}
]
}