
Zabbix — Vulnerabilities & Security Advisories (83)

Browse all 83 CVE security advisories affecting Zabbix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zabbix is an enterprise-class open-source monitoring solution for real-time observation of IT infrastructure, including servers, networks, and applications. Its architecture consists of a central server, a database, a web frontend, and agents (with optional proxies) that collect performance metrics and trigger alerts. Eighty-three CVEs have been recorded against the platform, predominantly SQL injection, cross-site scripting, and remote code execution flaws. These issues typically stem from insufficient input validation in the web frontend or improper access controls in API endpoints. Deployment complexity also introduces configuration weaknesses: the advisories below include an agent installer that added an overly permissive firewall rule, setup pages viewable by unauthenticated users when a configuration file already exists, and a SAML session-storage flaw leading to authentication bypass and instance takeover. Rigorous patch management is therefore essential, and security audits routinely recommend disabling unused modules and enforcing strict network segmentation (exposing frontend, server, and agent ports only to the hosts that need them) to limit exploitation of its extensive feature set.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-29456 | Inefficient URL schema validation | Zabbix | CWE-20 | 5.7 | Medium | 2023-07-13 |
| CVE-2023-29455 | Reflected XSS in several fields of graph form | Zabbix | CWE-20 | 5.4 | Medium | 2023-07-13 |
| CVE-2023-29454 | Persistent XSS in the user form | Zabbix | CWE-20 | 5.4 | Medium | 2023-07-13 |
| CVE-2023-29452 | Remove possibility to add html into Geomap attribution field | Zabbix | CWE-20 | 5.5 | Medium | 2023-07-13 |
| CVE-2023-29451 | Denial of service caused by a bug in the JSON parser | Zabbix | CWE-20 | 4.7 | Medium | 2023-07-13 |
| CVE-2023-29450 | Unauthorized limited filesystem access from preprocessing | Zabbix | CWE-200 | 8.5 | High | 2023-07-13 |
| CVE-2023-29449 | Limited control of resource utilization in JS preprocessing | Zabbix | CWE-400 | 5.9 | Medium | 2023-07-13 |
| CVE-2022-46768 | File name information disclosure vulnerability in Zabbix Web Service Report Generation | Web Service Report Generation | CWE-20 | 5.9 | Medium | 2022-12-19 |
| CVE-2022-43516 | Zabbix Agent installer adds "allow all TCP any any" firewall rule | Zabbix agent (MSI packages) | CWE-16 | 6.5 | Medium | 2022-12-12 |
| CVE-2022-43515 | X-Forwarded-For header is active by default, allowing access to Zabbix sites in maintenance mode | Frontend | CWE-20 | 5.3 | Medium | 2022-12-12 |
| CVE-2022-40626 | Reflected XSS in the backurl parameter of Zabbix Frontend | Frontend | CWE-79 | 4.8 | Medium | 2022-09-14 |
| CVE-2022-35230 | Reflected XSS in graphs page of Zabbix Frontend | Frontend | CWE-79 | 3.7 | Low | 2022-07-06 |
| CVE-2022-35229 | Reflected XSS in discovery page of Zabbix Frontend | Frontend | CWE-79 | 3.7 | Low | 2022-07-06 |
| CVE-2022-24919 | Reflected XSS in graph configuration window of Zabbix Frontend | Frontend | CWE-79 | 3.7 | Low | 2022-03-09 |
| CVE-2022-24918 | Reflected XSS in item configuration window of Zabbix Frontend | Frontend | CWE-79 | 3.7 | Low | 2022-03-09 |
| CVE-2022-24917 | Reflected XSS in service configuration window of Zabbix Frontend | Frontend | CWE-79 | 3.7 | Low | 2022-03-09 |
| CVE-2022-24349 | Reflected XSS in action configuration window of Zabbix Frontend | Frontend | CWE-79 | 4.6 | Medium | 2022-03-09 |
| CVE-2022-23134 | Possible view of the setup pages by unauthenticated users if config file already exists | Frontend | CWE-284 | 3.7 | Low | 2022-01-13 |
| CVE-2022-23133 | Stored XSS in host groups configuration window in Zabbix Frontend | Frontend | CWE-79 | 6.3 | Medium | 2022-01-13 |
| CVE-2022-23132 | Incorrect permissions of [/var/run/zabbix] forces dac_override | Proxy, Server | CWE-284 | 3.3 | Low | 2022-01-13 |
| CVE-2022-23131 | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Frontend | CWE-290 | 9.1 | Critical | 2022-01-13 |
| CVE-2013-3628 | Zabbix injection vulnerability | Zabbix | - | 8.8 | - | 2020-02-07 |
| CVE-2017-2824 | Zabbix security vulnerability | Zabbix Server | - | 9.8 | - | 2017-05-24 |
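Listing pages like this one are usually scraped into a triage sheet, and the rows as extracted run the component, CWE, score, severity and date together. The following is an added example (not code from the page or from the Zabbix project) that parses rows in that flattened form into structured records, ranks them by numeric CVSS rather than by the severity label (two rows above carry a score but no label), and counts entries per CWE. The sample rows are copied from the listing; the `Advisory` record and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: five rows copied in the flattened form the listing uses
# ("<CVE> <title> — <component><CWE?> <cvss> <severity><date>").
SAMPLE_ROWS = """\
CVE-2023-29450 Unauthorized limited filesystem access from preprocessing — ZabbixCWE-200 8.5 High2023-07-13
CVE-2022-40626 Reflected XSS in the backurl parameter of Zabbix Frontend — FrontendCWE-79 4.8 Medium2022-09-14
CVE-2022-23132 Incorrect permissions of [/var/run/zabbix] forces dac_override — Proxy, ServerCWE-284 3.3 Low2022-01-13
CVE-2022-23131 Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML — FrontendCWE-290 9.1 Critical2022-01-13
CVE-2017-2824 Zabbix security vulnerability — Zabbix Server 9.8 -2017-05-24
"""

# Lazy groups for title and component let the regex find the single " — "
# separator and the optional CWE tag that is glued to the component name.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) "
    r"(?P<title>.+?) \u2014 "
    r"(?P<component>.+?)(?P<cwe>CWE-\d+)? "
    r"(?P<cvss>\d+(?:\.\d+)?) "
    r"(?P<severity>Critical|High|Medium|Low|-)"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    component: str
    cwe: Optional[str]   # None when the listing gives no CWE
    cvss: float
    severity: str        # kept as listed; "-" means no label was published
    published: str


def parse_row(line: str) -> Advisory:
    """Parse one flattened listing row; raise on anything that does not fit."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable row: {line!r}")
    return Advisory(
        cve=m["cve"],
        title=m["title"],
        component=m["component"],
        cwe=m["cwe"],
        cvss=float(m["cvss"]),
        severity=m["severity"],
        published=m["published"],
    )


def parse_rows(text: str) -> List[Advisory]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def triage(advisories: List[Advisory], min_cvss: float = 7.0) -> List[Advisory]:
    """Entries at or above min_cvss, highest score first; ties by publish date.

    Ranking on the numeric score means rows with a missing severity label
    (such as the CVSS 9.8 entry) are not silently dropped from the top of the list.
    """
    return sorted(
        (a for a in advisories if a.cvss >= min_cvss),
        key=lambda a: (-a.cvss, a.published),
    )


def count_by_cwe(advisories: List[Advisory]) -> Dict[str, int]:
    """Histogram of weakness classes; unlabelled rows go under 'unclassified'."""
    counts: Dict[str, int] = {}
    for a in advisories:
        key = a.cwe or "unclassified"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    advisories = parse_rows(SAMPLE_ROWS)
    for a in triage(advisories):
        print(f"{a.cve}  {a.cvss:4.1f}  {a.severity:8s}  {a.component}: {a.title}")
    print(count_by_cwe(advisories))
```

The `—` separator and the glued CWE tag are artifacts of this particular listing's extraction; if a row fails to match, `parse_row` raises rather than guessing, so a format change is noticed instead of quietly producing a short triage list.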

This page lists every published CVE security advisory associated with Zabbix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.