CVE-2026-23924

Medium CVSS: 6.1

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API.

Vendor

Product

CWE

CWE-88

Yayın Tarihi

2026-03-24 19:16:50

Güncelleme

2026-03-25 15:41:58

Source Identifier

security@zabbix.com

KEV Date Added

Kategoriler

CWE-88 MEDIUM 2026

Referanslar

https://support.zabbix.com/browse/ZBX-27642