Zabbix Security Vulnerabilities (CVEs)
Track 25 security vulnerabilities affecting Zabbix products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
An authenticated Zabbix user (including Guest accounts) can send specially crafted parameters to /imgstore.php, causing excessive CPU consumption on t...
Dec 1, 2025

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver, potentially exposing sensitive ...
Dec 1, 2025

This CVE describes an authorization bypass vulnerability in Zabbix where regular users without proper permissions can still access the problem viewing...
Oct 3, 2025

A Zabbix API vulnerability allows authenticated users to search other users in their group and access restricted field values they shouldn't have perm...
Oct 3, 2025

This CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in Zabbix's /zabbix.php endpoint that allows attackers to inject malicious Jav...
Apr 2, 2025

A SQL injection vulnerability in Zabbix allows authenticated low-privilege users with API access to execute arbitrary SQL commands via the groupBy par...
Apr 2, 2025

This CVE describes a JavaScript string encoding vulnerability in the HttpRequest object that allows attackers to create specially crafted strings that...
Nov 27, 2024

A use-after-free vulnerability in Zabbix's browser.c es_browser_get_variant function could allow memory corruption. This affects Zabbix installations ...
Nov 27, 2024

This CVE describes an SQL injection vulnerability in Zabbix's CUser class that allows non-admin users with API access to execute arbitrary SQL queries...
Nov 27, 2024

This vulnerability allows authenticated users with API access to escalate their privileges by adding themselves to any group, including administrative...
Nov 27, 2024

This vulnerability in Zabbix's JavaScript implementation allows attackers to manipulate the atob function to create arbitrary strings and access inter...
Nov 26, 2024

CVE-2024-36461 is a critical memory corruption vulnerability in Zabbix's JavaScript engine that allows authenticated users to directly modify memory p...
Aug 12, 2024

This vulnerability in Zabbix's front-end audit log allows unauthorized viewing of plaintext passwords. Attackers with access to the audit log interfac...
Aug 12, 2024

This CVE describes an information disclosure vulnerability in Zabbix where unauthenticated users can access host statistics through the System Informa...
Aug 12, 2024

This critical vulnerability allows administrators with restricted permissions to execute arbitrary code via the Ping script in Zabbix monitoring syste...
Aug 12, 2024

CVE-2024-22120 is a SQL injection vulnerability in Zabbix server's audit logging functionality. Attackers can inject malicious SQL through the unsanit...
May 17, 2024

This vulnerability in Zabbix allows session cookie leakage through URL widgets. When testing or executing scheduled reports, the configured website re...
Dec 18, 2023

CVE-2023-32722 is a critical buffer overflow vulnerability in Zabbix's JSON parsing module that allows remote code execution when processing malicious...
Oct 12, 2023

CVE-2023-32724 is a critical memory corruption vulnerability in Zabbix's Ducktape object that allows attackers to directly access and manipulate memor...
Oct 12, 2023

CVE-2023-32721 is a stored cross-site scripting (XSS) vulnerability in Zabbix's web application that allows attackers to inject malicious scripts into...
Oct 12, 2023

CVE-2023-29453 is a critical template injection vulnerability in Go's html/template package that allows attackers to inject arbitrary JavaScript code ...
Oct 12, 2023

This vulnerability allows attackers to exploit JavaScript pre-processing in Zabbix Server or Proxy to gain read-only file system access under the 'zab...
Jul 13, 2023

This vulnerability allows authenticated Zabbix administrators to execute arbitrary shell commands on the Zabbix server, leading to full system comprom...
Jan 27, 2022

This vulnerability allows unauthenticated attackers to modify session data and escalate privileges to admin access in Zabbix Frontend when SAML SSO au...
Jan 13, 2022

CVE-2022-22704 is a privilege escalation vulnerability in zabbix-agent2 on Alpine Linux that allows local users to gain root privileges. The vulnerabi...
Jan 6, 2022

Why Monitor Zabbix Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 25+ known vulnerabilities affecting Zabbix products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zabbix packages in under 60 seconds. No agents required - completely agentless scanning that works across Zabbix deployments.
Free vulnerability database: Access detailed information about every Zabbix CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Zabbix CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions