Nagios — Vulnerabilities & Security Advisories (117)

Browse all 117 CVE security advisories affecting Nagios. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nagios serves as a critical IT infrastructure monitoring solution, enabling organizations to track system health, network performance, and service availability. Historically, its widespread deployment has made it a frequent target for attackers exploiting legacy codebases. Common vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from insufficient input validation in web interfaces or CGI scripts. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative control. While the core monitoring engine is generally robust, the associated web frontends and plugins have introduced significant attack surfaces. Major incidents have highlighted the risks of unpatched installations, particularly in environments where default credentials remain active. With over 117 recorded CVEs, the software underscores the necessity for rigorous patch management and strict access controls to mitigate exploitation risks in enterprise security architectures.

| CVE ID | Title | Product | CWE | CVSS (AI) | Severity (AI) | Published |
|---|---|---|---|---|---|---|
| CVE-2020-36867 | Nagios XI < 5.7.3 Command Injection in Report PDF Download | XI | CWE-78 | 8.8 | High | 2025-10-30 |
| CVE-2021-47689 | Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages | XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2021-47691 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page | XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2022-50584 | Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows | XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2020-36861 | Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages | XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2021-47690 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals | XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2020-36860 | Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages | XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2022-50585 | Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input | XI | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2020-36859 | Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages | XI | CWE-89 | 8.8 | High | 2025-10-30 |
| CVE-2021-47693 | Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text | XI | CWE-89 | 8.8 | High | 2025-10-30 |
| CVE-2021-47694 | Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command | XI | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2013-10073 | Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection | XI | CWE-78 | 8.8 | High | 2025-10-30 |
| CVE-2013-10072 | Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization | XI | CWE-862 | 7.1 | High | 2025-10-30 |
| CVE-2020-36857 | Nagios XI < 5.6.14 Authenticated SQL Injection via SNMP Trap Interface Page | XI | CWE-89 | 7.2 | High | 2025-10-30 |
| CVE-2012-10063 | Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM | XI | CWE-89 | 8.1 | High | 2025-10-30 |
| CVE-2020-36856 | Nagios XI < 5.6.14 Authenticated RCE command_test.php via address | XI | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2024-14002 | Nagios XI < 2024R1.1.4 Authenticated Local File Inclusion via NagVis | XI | CWE-98 | 6.5 | Medium | 2025-10-30 |
| CVE-2025-34284 | Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin | XI | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2024-13995 | Nagios XI < 2024R1.1.2 API Keys & Hashed Passwords Authenticated Information Disclosure | XI | CWE-497 | 8.1 | High | 2025-10-30 |
| CVE-2025-34283 | Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes | XI | CWE-497 | 6.5 | Medium | 2025-10-30 |
| CVE-2024-13994 | Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization | XI | CWE-862 | 8.8 | High | 2025-10-30 |
| CVE-2024-13999 | Nagios XI < 2024R1.1.3 AD/LDAP Token Authenticated Information Disclosure | XI | CWE-497 | 8.8 | High | 2025-10-30 |
| CVE-2023-7319 | Nagios Network Analyzer < 2024R1 XSS via Percentile Calculator Menu | Network Analyzer | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2025-34278 | Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS | Network Analyzer | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2025-34280 | Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function | Network Analyzer | CWE-78 | 7.2 | High | 2025-10-30 |
| CVE-2023-7321 | Nagios Log Server < 2.1.14 XSS via Snapshots Page | Log Server | CWE-79 | 6.1 | Medium | 2025-10-30 |
| CVE-2023-7323 | Nagios Log Server < 2024R1 XSS via Create User Function | Log Server | CWE-79 | 5.4 | Medium | 2025-10-30 |
| CVE-2020-36858 | Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages | Log Server | CWE-79 | 4.8 | Medium | 2025-10-30 |
| CVE-2025-34298 | Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation | Log Server | CWE-281 | 8.8 | High | 2025-10-30 |
| CVE-2025-34277 | Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID | Log Server | CWE-94 | 9.8 | Critical | 2025-10-30 |

This page lists every published CVE security advisory associated with Nagios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.