An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time.

Description

Affected Products

Vendor	Product	Versions
Zabbix	Zabbix	ZBX-27638, ZBX-27639, ZBX-27640, ZBX-27641, ZBX-27642

References

https://support.zabbix.com/browse/ZBX-27641

Related News (2 articles)

Tier B

BSI Advisories1d ago

[NEU] [hoch] Zabbix: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR2d ago

Multiples vulnérabilités dans Zabbix (25 mars 2026)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-470

Published3/24/2026

Last enriched9h agov3

Trending Score45

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 9h ago

v3Tier B9h ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

severityexploitAvailableactivelyExploited

via CERT-FR

v2Tier B10h ago

Added vendor and product information for Zabbix, updated severity to HIGH, and marked the vulnerability as actively exploited with available exploits.

vendorproductaffectedVersions

via CERT-FR

v111h ago

Initial creation