UBUNTU-CVE-2026-23926
- Source
- https://ubuntu.com/security/CVE-2026-23926
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23926.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-23926
- Upstream
- Published
- 2026-05-06T08:16:00Z
- Modified
- 2026-05-27T19:15:08.949277210Z
- Severity
-
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.
- References
Affected packages
Ubuntu:25.10
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-agent2",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-sender",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:7.0.10+dfsg-2build1"
},
{
"binary_name": "zabbix-web-service",
"binary_version": "1:7.0.10+dfsg-2build1"
}
]
}Ubuntu:26.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-agent2",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-sender",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:7.0.22+dfsg-1"
},
{
"binary_name": "zabbix-web-service",
"binary_version": "1:7.0.22+dfsg-1"
}
]
}Ubuntu:Pro:14.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.0.6+dfsg-1ubuntu2
1:2.2.0+dfsg-1ubuntu1
1:2.2.0+dfsg-6ubuntu1
1:2.2.1+dfsg-1ubuntu3
1:2.2.2+dfsg-1ubuntu1
1:2.2.2+dfsg-1ubuntu1+esm1
1:2.2.2+dfsg-1ubuntu1+esm3
1:2.2.2+dfsg-1ubuntu1+esm4
1:2.2.2+dfsg-1ubuntu1+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm5"
}
]
}Ubuntu:Pro:16.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.4.6+dfsg-1
1:2.4.7+dfsg-1
1:2.4.7+dfsg-2
1:2.4.7+dfsg-2ubuntu2
1:2.4.7+dfsg-2ubuntu2.1
1:2.4.7+dfsg-2ubuntu2.1+esm1
1:2.4.7+dfsg-2ubuntu2.1+esm2
1:2.4.7+dfsg-2ubuntu2.1+esm3
1:2.4.7+dfsg-2ubuntu2.1+esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm4"
}
]
}Ubuntu:Pro:18.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:3.*
1:3.0.7+dfsg-3
1:3.0.12+dfsg-1
1:3.0.12+dfsg-1ubuntu0.1~esm1
1:3.0.12+dfsg-1ubuntu0.1~esm2
1:3.0.12+dfsg-1ubuntu0.1~esm3
1:3.0.12+dfsg-1ubuntu0.1~esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm4"
}
]
}Ubuntu:Pro:20.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:4.*
1:4.0.4+dfsg-1build2
1:4.0.4+dfsg-1build3
1:4.0.11+dfsg-1
1:4.0.14+dfsg-1
1:4.0.15+dfsg-1
1:4.0.16+dfsg-1
1:4.0.16+dfsg-1build1
1:4.0.17+dfsg-1
1:4.0.17+dfsg-1ubuntu0.1~esm1
1:4.0.17+dfsg-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:22.04:LTS
zabbix
Package
- Name
- zabbix
- Purl
- pkg:deb/ubuntu/zabbix?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:5.*
1:5.0.8+dfsg-1build1
1:5.0.14+dfsg-1
1:5.0.17+dfsg-1
1:5.0.17+dfsg-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:5.0.17+dfsg-1ubuntu0.1~esm1"
}
]
}