Zabbix Agent 2 Oracle TNS Connection String Injection Vulnerability

Vulnerability

A vulnerability exists in Zabbix Agent 2 that allows users to inject an Oracle TNS connection string through the 'service' parameter. This injection can cause Agent 2 to connect to an attacker-controlled server, potentially leaking Oracle database credentials if they are stored in a named session.

Impact

Exploitation of this vulnerability could lead to unauthorized access to Oracle database credentials, allowing an attacker to impersonate a user or access sensitive data.

Remediation

Users can update to Zabbix Agent 2 version 6.0.45, 7.0.24, or 7.4.8, depending on their current version. Instructions for updating Zabbix Agent 2 can be found in the Zabbix documentation.
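
As an added illustration (not Zabbix's patch and not code from this advisory), the Go sketch below shows an allow-list check that treats the 'service' parameter as a bare Oracle service name and rejects anything containing connect-descriptor syntax. The function name, error values, permitted character set and sample inputs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumed, conservative allow-list for a bare Oracle service name:
// starts with a letter or digit, then letters, digits, . _ $ # - (max 128).
var serviceNameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._$#-]{0,127}$`)

var (
	ErrEmptyService     = errors.New("service is empty")
	ErrDescriptorSyntax = errors.New("service contains connect-descriptor syntax")
	ErrInvalidService   = errors.New("service is not a plain service name")
)

// ValidateService is a hypothetical helper: it accepts only a bare service
// name, so the value cannot carry its own address or descriptor.
func ValidateService(service string) error {
	s := strings.TrimSpace(service)
	if s == "" {
		return ErrEmptyService
	}
	// Characters that give a value structure in TNS descriptors and
	// Easy Connect strings; none of them belong in a bare service name.
	if strings.ContainsAny(s, "()=/@:,;\"' \t\r\n\\") {
		return ErrDescriptorSyntax
	}
	if !serviceNameRe.MatchString(s) {
		return ErrInvalidService
	}
	return nil
}

func main() {
	// Constructed sample values; example.invalid is a reserved placeholder.
	samples := []string{
		"XE",
		"orcl.example.invalid",
		"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.invalid)(PORT=1521)))",
		"XE)(extra=1",
	}
	for _, s := range samples {
		fmt.Printf("%-50q -> %v\n", s, ValidateService(s))
	}
}
```

A check like this is defense in depth for code that builds connection strings from user-supplied parameters; it does not replace updating to a fixed Agent 2 version.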

Added: May 6, 2026, 8:30 AM
Updated: May 6, 2026, 8:30 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 5.9
remediation: 8.3
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.