Nagios — Vulnerabilities & Security Advisories (117)

Browse all 117 CVE security advisories affecting Nagios. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nagios serves as a critical IT infrastructure monitoring solution, enabling organizations to track system health, network performance, and service availability. Historically, its widespread deployment has made it a frequent target for attackers exploiting legacy codebases. Common vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from insufficient input validation in web interfaces or CGI scripts. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative control. While the core monitoring engine is generally robust, the associated web frontends and plugins have introduced significant attack surfaces. Major incidents have highlighted the risks of unpatched installations, particularly in environments where default credentials remain active. With over 117 recorded CVEs, the software underscores the necessity for rigorous patch management and strict access controls to mitigate exploitation risks in enterprise security architectures.

| CVE ID | Title | CWE | CVSS (AI) | Severity (AI) | Published |
|---|---|---|---|---|---|
| CVE-2011-10036 | Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler — XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2011-10039 | Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing — XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2021-47699 | Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form — XI | CWE-79 | 4.8 | Medium | 2025-10-30 |
| CVE-2023-53688 | Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay — XI | CWE-79 | 8.8 | High | 2025-10-30 |
| CVE-2023-7317 | Nagios XI < 2024R1 Web SSH Terminal Missing Access Control — XI | CWE-862 | 8.8 | High | 2025-10-30 |
| CVE-2020-36863 | Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory — XI | CWE-434 | 8.8 | High | 2025-10-30 |
| CVE-2020-36862 | Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts — XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2022-50587 | Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text — XI | CWE-79 | 4.8 | Medium | 2025-10-30 |
| CVE-2022-50586 | Nagios XI < 5.8.9 Stored XSS via BPI Info URL — XI | CWE-79 | 4.8 | Medium | 2025-10-30 |
| CVE-2022-50588 | Nagios XI < 5.8.9 Stored XSS in Update Checking — XI | CWE-79 | 4.8 | Medium | 2025-10-30 |
| CVE-2020-36869 | Nagios XI < 5.7.5 SQL injection via SNMP Trap Interface Edit Page — XI | CWE-89 | 7.2 | High | 2025-10-30 |
| CVE-2016-15050 | Nagios XI < 5.2.4 SQL Injection in Notification Search — XI | CWE-89 | 8.1 | High | 2025-10-30 |
| CVE-2024-13996 | Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change — XI | CWE-613 | 9.8 | Critical | 2025-10-30 |
| CVE-2024-13993 | Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers — XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2013-10071 | Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality — XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2024-14008 | Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard — XI | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2025-34286 | Nagios XI < 2026R1 RCE via Run Check Command in CCM — XI | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2024-14003 | Nagios XI < 2024R1.2 RCE via NRDP Server Plugins — XI | CWE-78 | 9.8 | Critical | 2025-10-30 |
| CVE-2025-34134 | Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI) — XI | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2011-10035 | Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE — XI | CWE-367 | 7.0 | High | 2025-10-30 |
| CVE-2024-14009 | Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile — XI | CWE-269 | 7.2 | High | 2025-10-30 |
| CVE-2024-14004 | Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf) — XI | CWE-269 | 7.8 | High | 2025-10-30 |
| CVE-2018-25123 | Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component — XI | CWE-250 | 7.8 | High | 2025-10-30 |
| CVE-2020-36868 | Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script — XI | CWE-73 | 7.8 | High | 2025-10-30 |
| CVE-2025-34287 | Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl — XI | CWE-732 | 7.8 | High | 2025-10-30 |
| CVE-2025-34135 | Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files — XI | CWE-732 | 7.8 | High | 2025-10-30 |
| CVE-2021-47700 | Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory — XI | CWE-250 | 7.8 | High | 2025-10-30 |
| CVE-2024-14006 | Nagios XI < 2024R1.2.2 Host Header Injection — XI | CWE-346 | 5.4 | Medium | 2025-10-30 |
| CVE-2018-25122 | Nagios XI < 5.4.13 Component Download Page RCE — XI | CWE-78 | 8.8 | High | 2025-10-30 |
| CVE-2024-14005 | Nagios XI < 2024R1.2 Command Injection via Docker Wizard — XI | CWE-78 | 7.2 | High | 2025-10-30 |

This page lists every published CVE security advisory associated with Nagios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.