Zabbix vulnerabilities: known CVEs & security history
Zabbix · Infrastructure · 96 tracked CVEs · 2 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Zabbix release lines — 96 in total, with 2 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Zabbix's current status and the safe version to run.
Known Zabbix CVEs
Actively-exploited and most-severe first. Showing the top 80 of 96. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2022-23131⚡ exploited | critical | 9.1 | 96% | 2022 |
| CVE-2022-23134⚡ exploited | low | 3.7 | 85% | 2022 |
| CVE-2024-42327 | critical | 9.9 | 79% | 2024 |
| CVE-2024-22116 | critical | 9.9 | 2% | 2024 |
| CVE-2020-11800 | critical | 9.8 | 9% | 2020 |
| CVE-2013-3738 | critical | 9.8 | 3% | 2020 |
| CVE-2013-5743 | critical | 9.8 | 80% | 2019 |
| CVE-2014-3005 | critical | 9.8 | 5% | 2018 |
| CVE-2016-10134 | critical | 9.8 | 83% | 2017 |
| CVE-2023-32722 | critical | 9.6 | 1% | 2023 |
| CVE-2024-42330 | critical | 9.1 | 1% | 2024 |
| CVE-2024-36461 | critical | 9.1 | 1% | 2024 |
| CVE-2024-22120 | critical | 9.1 | 77% | 2024 |
| CVE-2023-32724 | critical | 9.1 | 1% | 2023 |
| CVE-2019-17382 | critical | 9.1 | 54% | 2019 |
| CVE-2007-0640 | high | 10 | 2% | 2007 |
| CVE-2009-4502 | high | 9.3 | 22% | 2009 |
| CVE-2024-36465 | high | 8.8 | 21% | 2025 |
| CVE-2024-36466 | high | 8.8 | 1% | 2024 |
| CVE-2021-27927 | high | 8.8 | 1% | 2021 |
| CVE-2013-3628 | high | 8.8 | 67% | 2020 |
| CVE-2023-32723 | high | 8.5 | 1% | 2023 |
| CVE-2023-29450 | high | 8.5 | 1% | 2023 |
| CVE-2026-23925 | high | 8.1 | 0% | 2026 |
| CVE-2024-36460 | high | 8.1 | 1% | 2024 |
| CVE-2017-2824 | high | 8.1 | 26% | 2017 |
| CVE-2016-4338 | high | 8.1 | 21% | 2017 |
| CVE-2023-32721 | high | 7.6 | 1% | 2023 |
| CVE-2024-36467 | high | 7.5 | 1% | 2024 |
| CVE-2024-36462 | high | 7.5 | 1% | 2024 |
| CVE-2013-7484 | high | 7.5 | 1% | 2019 |
| CVE-2014-9450 | high | 7.5 | 1% | 2015 |
| CVE-2013-6824 | high | 7.5 | 3% | 2013 |
| CVE-2012-3435 | high | 7.5 | 4% | 2012 |
| CVE-2011-4674 | high | 7.5 | 3% | 2011 |
| CVE-2010-5049 | high | 7.5 | 1% | 2011 |
| CVE-2010-1277 | high | 7.5 | 2% | 2010 |
| CVE-2009-4499 | high | 7.5 | 2% | 2009 |
| CVE-2006-6692 | high | 7.5 | 8% | 2006 |
| CVE-2006-6693 | high | 7.5 | 3% | 2006 |
| CVE-2025-27240 | high | 7.2 | 1% | 2025 |
| CVE-2021-46088 | high | 7.2 | 4% | 2022 |
| CVE-2017-2825 | high | 7 | 4% | 2018 |
| CVE-2009-4498 | medium | 6.8 | 32% | 2009 |
| CVE-2025-27236 | medium | 6.5 | 0% | 2025 |
| CVE-2024-45700 | medium | 6.5 | 0% | 2025 |
| CVE-2024-36463 | medium | 6.5 | 1% | 2024 |
| CVE-2022-43516 | medium | 6.5 | 1% | 2022 |
| CVE-2022-23133 | medium | 6.3 | 1% | 2022 |
| CVE-2024-22121 | medium | 6.1 | 0% | 2024 |
| CVE-2020-15803 | medium | 6.1 | 32% | 2020 |
| CVE-2016-10742 | medium | 6.1 | 3% | 2019 |
| CVE-2023-29458 | medium | 5.9 | 1% | 2023 |
| CVE-2023-29449 | medium | 5.9 | 1% | 2023 |
| CVE-2024-22119 | medium | 5.5 | 1% | 2024 |
| CVE-2023-29452 | medium | 5.5 | 62% | 2023 |
| CVE-2014-1685 | medium | 5.5 | 1% | 2014 |
| CVE-2024-45699 | medium | 5.4 | 0% | 2025 |
| CVE-2019-15132 | medium | 5.3 | 2% | 2019 |
| CVE-2013-1364 | medium | 5 | 2% | 2013 |
| CVE-2011-3265 | medium | 5 | 1% | 2011 |
| CVE-2011-3264 | medium | 5 | 1% | 2011 |
| CVE-2011-3263 | medium | 5 | 1% | 2011 |
| CVE-2009-4501 | medium | 5 | 9% | 2009 |
| CVE-2009-4500 | medium | 5 | 2% | 2009 |
| CVE-2025-27231 | medium | 4.9 | 0% | 2025 |
| CVE-2022-40626 | medium | 4.8 | 1% | 2022 |
| CVE-2023-29451 | medium | 4.7 | 1% | 2023 |
| CVE-2024-42326 | medium | 4.4 | 0% | 2024 |
| CVE-2025-49641 | medium | 4.3 | 0% | 2025 |
| CVE-2024-22114 | medium | 4.3 | 1% | 2024 |
| CVE-2012-6086 | medium | 4.3 | 1% | 2014 |
| CVE-2011-5027 | medium | 4.3 | 2% | 2011 |
| CVE-2011-4615 | medium | 4.3 | 1% | 2011 |
| CVE-2011-2904 | medium | 4.3 | 2% | 2011 |
| CVE-2010-2790 | medium | 4.3 | 2% | 2010 |
| CVE-2008-1353 | medium | 4.3 | 6% | 2008 |
| CVE-2014-1682 | medium | 4 | 2% | 2014 |
| CVE-2024-42332 | low | 3.7 | 1% | 2024 |
| CVE-2022-35230 | low | 3.7 | 1% | 2022 |
16 older / lower-severity CVEs not shown — see Zabbix's full record.
Is my Zabbix version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Zabbix version → · Monitor Zabbix for new CVEs →
Zabbix vulnerabilities — frequently asked
How many known vulnerabilities does Zabbix have?
IsItPatched tracks 96 CVEs for Zabbix, 2 of which are actively exploited (CISA KEV). 14 are critical-severity and 28 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Zabbix have any actively-exploited vulnerabilities?
Yes — 2 Zabbix CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild. Patch these as a priority.
What is the most severe Zabbix vulnerability?
Among tracked issues, CVE-2022-23131 (CRITICAL, CVSS 9.1), which is actively exploited, ranks highest — a CWE-290 weakness.
Is Zabbix safe to use?
It depends on the version. The latest supported Zabbix release (7.4.11) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Zabbix security status · Zabbix end-of-life · actively-exploited CVEs. Always verify against Zabbix's advisories — see our disclaimer.