A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.CreditsZabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.Referenceshttps://support.zabbix.com/browse/ZBX-25635