Zabbix Frontend Unauthenticated Arbitrary PHP Class Instantiation Vulnerability

Vulnerability

A vulnerability exists in the Zabbix Frontend 'validate' action, allowing unauthenticated attackers to blindly instantiate arbitrary PHP classes. While the impact may vary depending on the environment setup, it currently appears to be limited.

Impact

Exploitation of this vulnerability could lead to unauthorized instantiation of PHP classes, potentially allowing for further exploitation depending on the instantiated classes and the environment.
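The bug class named above, request-controlled class instantiation, shown beside a hardened form. This is an added example, not code from Zabbix or from this advisory; the interface, validator classes, keys and function names are hypothetical, and it does not claim to reflect how the Zabbix 'validate' action is implemented.

```php
<?php
declare(strict_types=1);

// Hypothetical interface and validators; none of these names come from Zabbix.
interface FieldValidator {
    public function validate(string $value): bool;
}

final class IntRangeValidator implements FieldValidator {
    public function validate(string $value): bool {
        return filter_var($value, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 65535]]) !== false;
    }
}

final class HostnameValidator implements FieldValidator {
    public function validate(string $value): bool {
        return filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    }
}

// Risky pattern: the caller-supplied string is used as the class name, so the
// constructor of any loadable class runs before the result can be type-checked.
function resolveUnsafe(string $name): object {
    return new $name();
}

// Hardened pattern: the request supplies a short key, the server owns the
// key-to-class map, and unknown keys fail without touching the autoloader.
const VALIDATORS = [
    'port' => IntRangeValidator::class,
    'host' => HostnameValidator::class,
];

function resolveSafe(string $key): FieldValidator {
    if (!array_key_exists($key, VALIDATORS)) {
        throw new InvalidArgumentException('unknown validator key');
    }
    $class = VALIDATORS[$key];
    return new $class();
}

// Constructed inputs: one expected key and one raw class name sent as the key.
foreach (['port', 'stdClass'] as $input) {
    try {
        $ok = resolveSafe($input)->validate('8080');
        echo $input, ': ', $ok ? 'valid' : 'invalid', PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $input, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```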

Remediation

Users are advised to update to Zabbix version 7.4.7, which addresses this vulnerability.

Added: Mar 24, 2026, 7:42 PM
Updated: Mar 24, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.6
exploitability: 8.7
remediation: 7.7
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.