IsItPatched: Instant security status for any software version

CVE-2022-23131

CRITICAL severity · CVSS 9.1 · CWE-290 · actively exploited (CISA KEV)
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2022-02-22. US federal agencies must patch by 2022-03-08.

Summary

In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because the user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to the Zabbix Frontend. To perform the attack, SAML authentication must be enabled and the actor has to know the username of a Zabbix user (or use the guest account, which is disabled by default).

Impact & exploitability

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: None
Exploit probability (EPSS): 94%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products we track (1)

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

Official patch: https://support.zabbix.com/browse/ZBX-20350

Last checked: Wed, 10 Jun 2026 22:18:30 UTC