SB2026030801 - Fedora EPEL 8 update for zabbix6.0

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026030801

SB2026030801 - Fedora EPEL 8 update for zabbix6.0

Published: March 8, 2026

Security Bulletin ID SB2026030801
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Untrusted search path (CVE-ID: CVE-2025-49642)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to library loading hijacking issue in Agent builds for AIX. A local user can hijack library loading on AIX Zabbix Agent.


2) Asymmetric Resource Consumption (Amplification) (CVE-ID: CVE-2025-49643)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to asymmetric resource consumption in the imgstore.php. A remote attacker on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Improper authorization (CVE-ID: CVE-2026-23925)

The vulnerability allows a remote user to bypass implemented authorization checks.

The vulnerability exists due to improper authorization checks in certain API endpoints. A remote user with template/host write permissions can create hosts via configuration.import API.


Remediation

Install update from vendor's website.

References