Fluid Attacks Database

Description

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	zabbix	=1:6.0.14+dfsg-1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1.1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1
debian 13	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1.1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1
debian 14	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1.1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1
debian 11	zabbix	=1:5.0.14+dfsg-1 \|\| =1:5.0.14+dfsg-1~bpo11+1 \|\| =1:5.0.17+dfsg-1 \|\| =1:5.0.17+dfsg-1~bpo11+1 \|\| =1:5.0.44+dfsg-1+deb11u1 \|\| =1:5.0.45+dfsg-1+deb11u1 \|\| =1:5.0.46+dfsg-1+deb11u1 \|\| =1:5.0.47+dfsg-0+deb11u1 \|\| =1:5.0.8+dfsg-1 \|\| =1:6.0.10+dfsg-1 \|\| =1:6.0.13+dfsg-1 \|\| =1:6.0.14+dfsg-1 \|\| =1:6.0.14+dfsg-1~bpo11+1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:6.0.3+dfsg-1 \|\| =1:6.0.6+dfsg-1 \|\| =1:6.0.7+dfsg-1 \|\| =1:6.0.7+dfsg-2 \|\| =1:6.0.7+dfsg-2~bpo11+1 \|\| =1:6.0.7+dfsg-3 \|\| =1:6.0.8+dfsg-1 \|\| =1:6.0.9+dfsg-1 \|\| =1:6.0.9+dfsg-1.1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1.1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1

Aliases

1. CVE-2026-239272. NVD-2026-239273. OSV-DEBIAN-2026-239274. OSV-2026-239275. SECURITY-TRACKER-CVE-2026-23927

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.