Company
Date Published
Author
Thomas Chauchefoin
Word count
2351
Language
English
Hacker News points
None

Summary

The Zabbix monitoring platform is a high-profile target because of its popularity and widespread deployment. Two critical vulnerabilities, CVE-2022-23131 and CVE-2022-23134, were found in the Zabbix Web Frontend's client-side session storage implementation. They allow an attacker to bypass SAML SSO authentication, obtain administrator privileges, and execute arbitrary commands on attached servers and agents. The root cause is a custom session handler that stores session data on the client and does not verify the authenticity of that data when it reads it back. The Zabbix maintainers addressed the issues by adding signature fields, authenticating the session cookie with an HMAC construct, and changing the setup process so it can no longer be bypassed. Upgrading to version 6.0.0beta2 or later is recommended to protect against these vulnerabilities.
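The defect class described in the summary, and the HMAC-based fix, side by side as an added example. This is illustrative code written for this page, not Zabbix's own session handler, and the key `DEMO_KEY` and the session fields are constructed for the demonstration. The weak decoder trusts whatever session blob the client presents; the hardened decoder only accepts a blob whose tag verifies under a server-side secret, compared in constant time.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. A real deployment generates a random per-install secret
# and keeps it server-side only; it is never placed in the cookie.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


# --- Weak pattern: session state lives in the cookie and nothing proves the server wrote it ---
def encode_unsigned(session: dict) -> str:
    return _b64e(json.dumps(session, sort_keys=True).encode())


def decode_unsigned(cookie: str) -> dict:
    # Whatever the client sends is decoded and trusted as-is.
    return json.loads(_b64d(cookie))


# --- Hardened pattern: the payload carries an HMAC tag keyed with a server-side secret ---
def encode_signed(session: dict, key: bytes) -> str:
    payload = _b64e(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def decode_signed(cookie: str, key: bytes) -> Optional[dict]:
    """Return the session dict only if the tag verifies; None otherwise."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not payload.isascii():
        return None
    expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the tag through timing.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(_b64d(payload))
    except (ValueError, UnicodeDecodeError):
        return None


def modified_cookie_accepted(signed: bool) -> bool:
    """Simulate a client that rewrites its own session cookie to claim a higher
    privilege, and report whether the server-side decoder accepts the result."""
    forged_session = {"user": "guest", "is_admin": True}
    if signed:
        genuine = encode_signed({"user": "guest", "is_admin": False}, DEMO_KEY)
        _, _, old_tag = genuine.rpartition(".")
        # The client swaps the payload but can only reuse the old tag.
        result = decode_signed(f"{encode_unsigned(forged_session)}.{old_tag}", DEMO_KEY)
    else:
        result = decode_unsigned(encode_unsigned(forged_session))
    return result is not None and result.get("is_admin") is True


if __name__ == "__main__":
    print("unsigned cookie accepted after modification:", modified_cookie_accepted(signed=False))
    print("signed cookie accepted after modification:  ", modified_cookie_accepted(signed=True))
```

The same idea applies to any server that round-trips state through the client: a serialized blob by itself carries no evidence of who produced it, so authenticity has to be supplied by a MAC (or an authenticated encryption mode) keyed with a secret the client never sees, and the check has to run before any field in the blob is used.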