Summary
Plain-English security verdict for Zabbix, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Zabbix currently scores 100/100 — healthy. 2 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2022-23131) — staying on the latest supported version keeps you clear of them. The latest supported release is 7.4.11. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend
New CVEs published for Zabbix each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2022-23131 CRITICAL exploited CWE-290 EPSS 96% → see advisory
CVE-2022-23134 LOW exploited Improper access control EPSS 85% → see advisory
CVE-2016-10134 CRITICAL SQL injection EPSS 83% → see advisory
CVE-2013-5743 CRITICAL SQL injection EPSS 80% → see advisory
CVE-2024-42327 CRITICAL SQL injection EPSS 79% → fixed in 7.0.1
CVE-2024-22120 CRITICAL Improper input validation EPSS 77% → fixed in 6.4.13
CVE-2013-3628 HIGH Injection EPSS 67% → see advisory
CVE-2023-29452 MEDIUM Improper input validation EPSS 62% → see advisory
CVE-2019-17382 CRITICAL Authorization bypass EPSS 54% → see advisory
CVE-2020-15803 MEDIUM Cross-site scripting (XSS) EPSS 32% → see advisory
CVE-2009-4498 MEDIUM OS command injection EPSS 32% → see advisory
CVE-2020-11800 CRITICAL EPSS 9% → fixed in 3.0.31
Versions & lifecycle
When each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Zabbix release line is supported — and when it sunsets. Select a line for its full report.
7.4 latest 7.4.11 Supported until 2026-09-30
7.2 latest 7.2.15 End of life, ended 2025-12-31
7.0 latest 7.0.27 Supported until 2029-06-30
6.4 latest 6.4.21 End of life, ended 2024-12-31
6.2 latest 6.2.9 End of life, ended 2023-02-28
6.0 latest 6.0.46 Supported until 2027-02-28
5.4 latest 5.4.12 End of life, ended 2022-03-31
5.0 latest 5.0.47 End of life, ended 2025-05-31
4.0 latest 4.0.50 End of life, ended 2023-10-31
Frequently asked
Is Zabbix safe and patched?
Zabbix currently scores 100/100 — healthy. 2 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2022-23131) — staying on the latest supported version keeps you clear of them. The latest supported release is 7.4.11. It's on the latest patch with no significant known issues — keep it current.
What should I do about Zabbix now?
Upgrade Zabbix to the latest supported release (7.4.11) or later, which clears the actively-exploited issues affecting older versions, then confirm against Zabbix's official advisory.
When does Zabbix reach end-of-life?
The latest supported Zabbix release is 7.4.11. After end-of-life a release no longer receives security patches.
Which versions of Zabbix are still receiving security updates?
Supported Zabbix release lines (latest 7.4.11): 7.4, 7.0, 6.0. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Zabbix's official advisory before you patch or upgrade.