A vulnerability has been discovered within Zabbix front end which if configured with SAML could allow a remote unauthenticated attacker to exploit this issue in order to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Affected Version
Zabbix 5.4.0 – 5.4.8, 6.0.0alpha1
Fixed Version
Zabbix 5.4.9rc2, 6.0.0beta1
Remediation
To remediate this vulnerability, apply the updates listed in the ‘Fixed Version’ section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.
Workaround
Where immediate patching is not possible it is possible to remediation this issue by disabling SAML authentication. Please be aware of the side effects of disabling SAML before performing this action if you rely on SAML for authentication.
References
Swarm Intelligence: LiteLLM was the end of the chain, not the beginning.
LiteLLM’s PyPI package was backdoored for under an hour on March 24. SSH keys, cloud credentials, and CI/CD secrets exfiltrated at install. Here is what is…
Handala & MuddyWater: MDM Weaponization at Enterprise Scale
On 11 March 2026, an Iranian two-team operation destroyed 200,000 enterprise devices at Stryker without deploying a single piece of malware. One compromised Global Administrator account.…
Why Robbing Banks Is Easy (And Why That Should Terrify You)
A globally recognized ethical hacker shares real social engineering stories from legally robbing banks across five continents. The tools change. The human vulnerabilities don’t.