CVE-2026-23926 - Vulnerability Details - OpenCVE

ReportizFlow

An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Zabbix	Zabbix

No data.

No data.

References

Link	Providers
https://support.zabbix.com/browse/ZBX-27758

History

Wed, 06 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 06 May 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zabbix Zabbix zabbix
Vendors & Products		Zabbix Zabbix zabbix

Wed, 06 May 2026 07:30:00 +0000

Type	Values Removed	Values Added
Description		An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.
Title		Stored XSS vulnerability in Host navigator widget maintenance tooltip
Weaknesses		CWE-79
References		https://support.zabbix.com/browse/ZBX-27758
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2026-05-06T06:58:51.362Z

Updated: 2026-05-07T03:55:32.552Z

Reserved: 2026-01-19T14:02:54.327Z

Link: CVE-2026-23926

Vulnrichment

Updated: 2026-05-06T12:59:22.895Z

NVD

Status : Awaiting Analysis

Published: 2026-05-06T08:16:01.837

Modified: 2026-05-07T14:56:04.523

Link: CVE-2026-23926

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23926", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "state": "PUBLISHED", "assignerShortName": "Zabbix", "dateReserved": "2026-01-19T14:02:54.327Z", "datePublished": "2026-05-06T06:58:51.362Z", "dateUpdated": "2026-05-07T03:55:32.552Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2026-05-06T06:58:51.362Z"}, "title": "Stored XSS vulnerability in Host navigator widget maintenance tooltip", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "affected": [{"vendor": "Zabbix", "product": "Zabbix", "repo": "https://git.zabbix.com/", "modules": ["Frontend"], "versions": [{"status": "affected", "version": "7.0.0", "lessThanOrEqual": "7.0.23", "changes": [{"at": "7.0.24", "status": "unaffected"}], "versionType": "git"}, {"status": "affected", "version": "7.4.0", "lessThanOrEqual": "7.4.7", "changes": [{"at": "7.4.8", "status": "unaffected"}], "versionType": "git"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.</p>"}]}], "references": [{"url": "https://support.zabbix.com/browse/ZBX-27758"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "configurations": [{"lang": "en", "value": "An attacker creating a malicious maintenance period that must then be shown and opened via the Host navigator widget.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An attacker creating a malicious maintenance period that must then be shown and opened via the Host navigator widget.</p>"}]}], "workarounds": [{"lang": "en", "value": "Disable the Host navigator widget via Administration -> General -> Modules.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Disable the Host navigator widget via Administration -> General -> Modules.</p>"}]}], "solutions": [{"lang": "en", "value": "Update the affected components to their respective fixed versions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Update the affected components to their respective fixed versions.</p>"}]}], "credits": [{"lang": "en", "value": "Zabbix wants to thank Daniel Santos (@bananabr) for submitting this report on the HackerOne bug bounty platform.", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-23926"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-07T03:55:32.552Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-06T12:59:17.377406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-06T12:59:22.895Z"}}], "cna": {"title": "Stored XSS vulnerability in Host navigator widget maintenance tooltip", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Zabbix wants to thank Daniel Santos (@bananabr) for submitting this report on the HackerOne bug bounty platform."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://git.zabbix.com/", "vendor": "Zabbix", "modules": ["Frontend"], "product": "Zabbix", "versions": [{"status": "affected", "changes": [{"at": "7.0.24", "status": "unaffected"}], "version": "7.0.0", "versionType": "git", "lessThanOrEqual": "7.0.23"}, {"status": "affected", "changes": [{"at": "7.4.8", "status": "unaffected"}], "version": "7.4.0", "versionType": "git", "lessThanOrEqual": "7.4.7"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Update the affected components to their respective fixed versions.", "supportingMedia": [{"type": "text/html", "value": "<p>Update the affected components to their respective fixed versions.</p>", "base64": false}]}], "references": [{"url": "https://support.zabbix.com/browse/ZBX-27758"}], "workarounds": [{"lang": "en", "value": "Disable the Host navigator widget via Administration -> General -> Modules.", "supportingMedia": [{"type": "text/html", "value": "<p>Disable the Host navigator widget via Administration -> General -> Modules.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.", "supportingMedia": [{"type": "text/html", "value": "<p>An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "configurations": [{"lang": "en", "value": "An attacker creating a malicious maintenance period that must then be shown and opened via the Host navigator widget.", "supportingMedia": [{"type": "text/html", "value": "<p>An attacker creating a malicious maintenance period that must then be shown and opened via the Host navigator widget.</p>", "base64": false}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2026-05-06T06:58:51.362Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23926", "state": "PUBLISHED", "dateUpdated": "2026-05-07T03:55:32.552Z", "dateReserved": "2026-01-19T14:02:54.327Z", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "datePublished": "2026-05-06T06:58:51.362Z", "assignerShortName": "Zabbix"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip."}], "id": "CVE-2026-23926", "lastModified": "2026-05-07T14:56:04.523", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-05-06T08:16:01.837", "references": [{"source": "[email protected]", "url": "https://support.zabbix.com/browse/ZBX-27758"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}