CVE-2026-23927

Summary

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix6.0.0 <= 6.0.44affected
ZabbixZabbix7.0.0 <= 7.0.23affected
ZabbixZabbix7.4.0 <= 7.4.7affected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

Workarounds

Don't use named sessions for Oracle database monitoring.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References