Vulnerability in Zabbix

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data f…

EPSS: 0.000 (9.0th percentile) — read the EPSS interpretation.

Affected products

  • Zabbix — versions 6.0.0, 7.0.0, 7.2.0

Weakness classification (CWE)

References