Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1426

NIXPKGS-2026-1426
published on
Permalink CVE-2026-23926
updated an hour ago by @LeSuisse Activity log
  • Created suggestion 11 hours ago
  • @LeSuisse ignored
    55 packages
    • zabbixctl
    • zabbix-cli
    • zabbix60.web
    • zabbix.agent
    • zabbix.web
    • zabbix.agent2
    • zabbix.server
    • zabbix60.agent
    • zabbix70.agent
    • zabbix72.agent
    • zabbix74.agent
    • zabbix60.agent2
    • zabbix60.server
    • zabbix70.agent2
    • zabbix70.server
    • zabbix72.agent2
    • zabbix72.proxy-pgsql
    • zabbix70.proxy-sqlite
    • zabbix70.server-mysql
    • zabbix70.server-pgsql
    • zabbix72.proxy-sqlite
    • zabbix72.server-mysql
    • zabbix72.server-pgsql
    • zabbix74.proxy-sqlite
    • zabbix74.server-mysql
    • zabbix74.server-pgsql
    • python312Packages.pyzabbix
    • python313Packages.pyzabbix
    • python314Packages.pyzabbix
    • python312Packages.py-zabbix
    • python313Packages.py-zabbix
    • python314Packages.py-zabbix
    • python312Packages.zabbix-utils
    • python313Packages.zabbix-utils
    • python314Packages.zabbix-utils
    • zabbix-agent2-plugin-postgresql
    • zabbix60.proxy-sqlite
    • zabbix60.server-mysql
    • zabbix60.server-pgsql
    • zabbix.proxy-sqlite
    • zabbix.server-mysql
    • zabbix.server-pgsql
    • zabbix60.proxy-mysql
    • zabbix60.proxy-pgsql
    • zabbix70.proxy-mysql
    • zabbix70.proxy-pgsql
    • zabbix72.proxy-mysql
    • zabbix74.proxy-mysql
    • zabbix74.proxy-pgsql
    • zabbix.proxy-mysql
    • zabbix74.server
    • zabbix72.server
    • zabbix74.agent2
    • zabbix.proxy-pgsql
    • zabbix74.web
    an hour ago
  • @LeSuisse accepted an hour ago
  • @LeSuisse published on GitHub an hour ago
Stored XSS vulnerability in Host navigator widget maintenance tooltip

An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the tooltip.

Affected products

Zabbix
  • =<7.0.23
  • =<7.4.7

Matching in nixpkgs

pkgs.zabbix70.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix72.web

Enterprise-class open source distributed monitoring solution (web frontend)

Ignored packages (55)

pkgs.zabbix.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix60.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix74.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix72.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix74.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix74.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

pkgs.zabbix74.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

Package maintainers