Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-53f2-uzt4-pqgs
SummaryA low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.
Aliases
0
alias CVE-2026-23921
Fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
1
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1~deb13u1%3Fdistro=trixie
2
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1.1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1.1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-21tq-54r3-cqec
2
vulnerability VCID-2jas-5kc1-puat
3
vulnerability VCID-35gu-ctk8-2yd2
4
vulnerability VCID-3azv-fsyx-n3fz
5
vulnerability VCID-3stx-z7ze-wbe8
6
vulnerability VCID-4c5a-bddp-pka5
7
vulnerability VCID-53f2-uzt4-pqgs
8
vulnerability VCID-5t3t-6uqs-akbk
9
vulnerability VCID-5wgt-e67m-ffah
10
vulnerability VCID-75fb-vhhc-fbe8
11
vulnerability VCID-8eb9-mxpg-5kf2
12
vulnerability VCID-8zqh-3xt2-nbdq
13
vulnerability VCID-ambh-afzs-2kg9
14
vulnerability VCID-beqm-vczf-dqgj
15
vulnerability VCID-bff2-nhum-ckhj
16
vulnerability VCID-bm7b-qurk-2qdk
17
vulnerability VCID-buz8-zycr-tbh2
18
vulnerability VCID-dr1v-72p6-2yhn
19
vulnerability VCID-fefk-6mjh-67fm
20
vulnerability VCID-frdw-trch-uufq
21
vulnerability VCID-gapt-kwkw-kkek
22
vulnerability VCID-gda8-xx5v-u7g2
23
vulnerability VCID-gj5s-dde8-1ubx
24
vulnerability VCID-h5fw-ktc6-rqd3
25
vulnerability VCID-hhsz-ba47-zka4
26
vulnerability VCID-jate-jey2-n3g1
27
vulnerability VCID-jcd1-hyep-c3h3
28
vulnerability VCID-jkcz-zpks-ubgz
29
vulnerability VCID-jked-29nn-tqe3
30
vulnerability VCID-jx4z-thz3-rbdw
31
vulnerability VCID-k8pk-h464-kuek
32
vulnerability VCID-mpy5-d7qa-u7fz
33
vulnerability VCID-n38c-6usb-tkgq
34
vulnerability VCID-nv7m-hsr3-17gk
35
vulnerability VCID-pgj4-u64z-17bt
36
vulnerability VCID-s4mv-539d-33cm
37
vulnerability VCID-sc8u-4w9c-23ev
38
vulnerability VCID-t864-v2g6-jbhk
39
vulnerability VCID-tt47-6swy-n3cw
40
vulnerability VCID-u4hp-dwsj-53b9
41
vulnerability VCID-ubyg-pbmy-ekds
42
vulnerability VCID-vuzz-by1n-aff9
43
vulnerability VCID-w4dd-77t2-wuc7
44
vulnerability VCID-wv5n-ccn5-fqc2
45
vulnerability VCID-xaqm-x1w4-s3hn
46
vulnerability VCID-xbu8-2jvk-83gy
47
vulnerability VCID-xjrj-meu6-qkc8
48
vulnerability VCID-xwr8-85au-ukd7
49
vulnerability VCID-ytep-z8dn-vfh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1
1
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-53f2-uzt4-pqgs
2
vulnerability VCID-8zqh-3xt2-nbdq
3
vulnerability VCID-bff2-nhum-ckhj
4
vulnerability VCID-dr1v-72p6-2yhn
5
vulnerability VCID-frdw-trch-uufq
6
vulnerability VCID-gapt-kwkw-kkek
7
vulnerability VCID-gj5s-dde8-1ubx
8
vulnerability VCID-nv7m-hsr3-17gk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-21tq-54r3-cqec
2
vulnerability VCID-2jas-5kc1-puat
3
vulnerability VCID-35gu-ctk8-2yd2
4
vulnerability VCID-3azv-fsyx-n3fz
5
vulnerability VCID-3stx-z7ze-wbe8
6
vulnerability VCID-53f2-uzt4-pqgs
7
vulnerability VCID-547k-dyst-k3gx
8
vulnerability VCID-5t3t-6uqs-akbk
9
vulnerability VCID-75fb-vhhc-fbe8
10
vulnerability VCID-7ajm-my3d-7fgy
11
vulnerability VCID-8eb9-mxpg-5kf2
12
vulnerability VCID-8zqh-3xt2-nbdq
13
vulnerability VCID-ambh-afzs-2kg9
14
vulnerability VCID-beqm-vczf-dqgj
15
vulnerability VCID-bff2-nhum-ckhj
16
vulnerability VCID-buz8-zycr-tbh2
17
vulnerability VCID-dr1v-72p6-2yhn
18
vulnerability VCID-fefk-6mjh-67fm
19
vulnerability VCID-frdw-trch-uufq
20
vulnerability VCID-gapt-kwkw-kkek
21
vulnerability VCID-gj5s-dde8-1ubx
22
vulnerability VCID-h5fw-ktc6-rqd3
23
vulnerability VCID-hhsz-ba47-zka4
24
vulnerability VCID-jate-jey2-n3g1
25
vulnerability VCID-jkcz-zpks-ubgz
26
vulnerability VCID-jked-29nn-tqe3
27
vulnerability VCID-jx4z-thz3-rbdw
28
vulnerability VCID-jy3a-zvh4-b3ag
29
vulnerability VCID-kfz9-wq8k-nkb3
30
vulnerability VCID-m5us-tmqh-wkbm
31
vulnerability VCID-mpy5-d7qa-u7fz
32
vulnerability VCID-n38c-6usb-tkgq
33
vulnerability VCID-nv7m-hsr3-17gk
34
vulnerability VCID-pgj4-u64z-17bt
35
vulnerability VCID-pr1g-m4k2-1ue1
36
vulnerability VCID-sc8u-4w9c-23ev
37
vulnerability VCID-t864-v2g6-jbhk
38
vulnerability VCID-tbsd-gk6n-9ygc
39
vulnerability VCID-u4hp-dwsj-53b9
40
vulnerability VCID-ubyg-pbmy-ekds
41
vulnerability VCID-vuzz-by1n-aff9
42
vulnerability VCID-w384-t6ne-s3g7
43
vulnerability VCID-w4dd-77t2-wuc7
44
vulnerability VCID-wurt-zx5x-8kds
45
vulnerability VCID-wv5n-ccn5-fqc2
46
vulnerability VCID-xaqm-x1w4-s3hn
47
vulnerability VCID-xwr8-85au-ukd7
48
vulnerability VCID-ytep-z8dn-vfh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1
3
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-21tq-54r3-cqec
2
vulnerability VCID-2jas-5kc1-puat
3
vulnerability VCID-35gu-ctk8-2yd2
4
vulnerability VCID-3azv-fsyx-n3fz
5
vulnerability VCID-3stx-z7ze-wbe8
6
vulnerability VCID-53f2-uzt4-pqgs
7
vulnerability VCID-547k-dyst-k3gx
8
vulnerability VCID-5t3t-6uqs-akbk
9
vulnerability VCID-75fb-vhhc-fbe8
10
vulnerability VCID-7ajm-my3d-7fgy
11
vulnerability VCID-8eb9-mxpg-5kf2
12
vulnerability VCID-8zqh-3xt2-nbdq
13
vulnerability VCID-ambh-afzs-2kg9
14
vulnerability VCID-beqm-vczf-dqgj
15
vulnerability VCID-bff2-nhum-ckhj
16
vulnerability VCID-buz8-zycr-tbh2
17
vulnerability VCID-dr1v-72p6-2yhn
18
vulnerability VCID-fefk-6mjh-67fm
19
vulnerability VCID-frdw-trch-uufq
20
vulnerability VCID-gapt-kwkw-kkek
21
vulnerability VCID-gj5s-dde8-1ubx
22
vulnerability VCID-h5fw-ktc6-rqd3
23
vulnerability VCID-hhsz-ba47-zka4
24
vulnerability VCID-jate-jey2-n3g1
25
vulnerability VCID-jkcz-zpks-ubgz
26
vulnerability VCID-jked-29nn-tqe3
27
vulnerability VCID-jx4z-thz3-rbdw
28
vulnerability VCID-jy3a-zvh4-b3ag
29
vulnerability VCID-kfz9-wq8k-nkb3
30
vulnerability VCID-m5us-tmqh-wkbm
31
vulnerability VCID-mpy5-d7qa-u7fz
32
vulnerability VCID-n38c-6usb-tkgq
33
vulnerability VCID-nv7m-hsr3-17gk
34
vulnerability VCID-pgj4-u64z-17bt
35
vulnerability VCID-pr1g-m4k2-1ue1
36
vulnerability VCID-sc8u-4w9c-23ev
37
vulnerability VCID-t864-v2g6-jbhk
38
vulnerability VCID-tbsd-gk6n-9ygc
39
vulnerability VCID-u4hp-dwsj-53b9
40
vulnerability VCID-ubyg-pbmy-ekds
41
vulnerability VCID-vuzz-by1n-aff9
42
vulnerability VCID-w384-t6ne-s3g7
43
vulnerability VCID-w4dd-77t2-wuc7
44
vulnerability VCID-wurt-zx5x-8kds
45
vulnerability VCID-wv5n-ccn5-fqc2
46
vulnerability VCID-xaqm-x1w4-s3hn
47
vulnerability VCID-xwr8-85au-ukd7
48
vulnerability VCID-ytep-z8dn-vfh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1%3Fdistro=trixie
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23921
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14195
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23921
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23921
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://support.zabbix.com/browse/ZBX-27640
reference_id ZBX-27640
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:24:25Z/
url https://support.zabbix.com/browse/ZBX-27640
Weaknesses
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Exploits
Severity_range_score5.3 - 8.7
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-53f2-uzt4-pqgs