CVE-2026-23927
Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N
Produtos afetados
Zabbix · ZabbixQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://support.zabbix.com/browse/ZBX-27759