CVE-2024-36461 CRITICAL

CVE-2024-36461: Direct access to memory pointers within the JS engine for modification

Vendor Zabbix
Product Zabbix
Weakness CWE-822
Published August 9, 2024
Last update November 3, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

Key dates

02Disclosure timeline

August 9, 2024 CVE published
November 3, 2025 Record updated