HIGHCVE-2026-23926Published Modified CNA Zabbix
CVE-2026-23926: Stored XSS vulnerability in Host navigator widget maintenance tooltip
An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.
Metrics
- CVSS v4.0
- 7.3
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Zabbix / Zabbix≤ 7.0.23 · ≤ 7.4.7
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences