CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool

CISA has added two critical vulnerabilities in the Zabbix enterprise monitoring solution (CVE-2022-23131 and CVE-2022-23134) to its Known Exploited Vulnerabilities Catalog. These flaws—found in Zabbix Web Frontend—allow attackers to bypass authentication and gain admin privileges, potentially letting them execute arbitrary commands and compromise the monitored network. The vulnerabilities affect all supported versions before 5.4.8, 5.0.18, and 4.0.36, especially when SAML Single-Sign-On is enabled.

Proof-of-concept code is publicly available, and CISA warns that the vulnerabilities are being exploited in the wild. Patches are available, and agencies are directed to apply them within two weeks as per federal directives. Organizations should urgently update Zabbix Web Frontend to the fixed versions to mitigate risk.
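To act on the fixed versions listed above, the following added example (not part of the original article and not Zabbix code) triages an inventory of Zabbix Web Frontend version strings against 5.4.8, 5.0.18 and 4.0.36. The function names, the status labels, the `x.y.z[rcN]` version format and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED = {(4, 0): (4, 0, 36), (5, 0): (5, 0, 18), (5, 4): (5, 4, 8)}

# Assumed version format: x.y.z with an optional alpha/beta/rc suffix.
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)((?:alpha|beta|rc)\d*)?\s*$", re.I)


def triage(version: str) -> str:
    """Classify one Zabbix Web Frontend version string.

    Returns 'patched', 'vulnerable', 'unlisted-branch' or 'unparseable'.
    """
    m = _VERSION.match(version)
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # The article gives no fixed release for this branch; do not guess.
        return "unlisted-branch"
    if (major, minor, patch) > fixed:
        return "patched"
    if (major, minor, patch) == fixed:
        # Conservative assumption: a pre-release of the fixed version
        # (e.g. 5.4.8rc1) is not treated as the fixed release.
        return "vulnerable" if m.group(4) else "patched"
    return "vulnerable"


def triage_inventory(inventory):
    """Map {host: version} to {host: status} for review of non-'patched' hosts."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mon-a.example.internal": "5.4.7",
    "mon-b.example.internal": "5.0.18",
    "mon-c.example.internal": "4.0.36rc1",
    "mon-d.example.internal": "5.2.6",
    "mon-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted-branch` or `unparseable` need manual review against the vendor advisory rather than being assumed safe.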

Edward Kiledjian @ekiledjian