CVE-2026-23924

Published: Mar 24, 2026 Last Modified: Mar 24, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API.

88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Other
Potential Impacts:
Execute Unauthorized Code Or Commands Alter Execution Logic Read Application Data Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, PHP
View CWE Details
https://support.zabbix.com/browse/ZBX-27642
https://support.zabbix.com/browse/ZBX-27642