Nagios — Vulnerabilities & Security Advisories 117

Browse all 117 CVE security advisories affecting Nagios. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nagios serves as a critical IT infrastructure monitoring solution, enabling organizations to track system health, network performance, and service availability. Historically, its widespread deployment has made it a frequent target for attackers exploiting legacy codebases. Common vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from insufficient input validation in web interfaces or CGI scripts. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative control. While the core monitoring engine is generally robust, the associated web frontends and plugins have introduced significant attack surfaces. Major incidents have highlighted the risks of unpatched installations, particularly in environments where default credentials remain active. With over 117 recorded CVEs, the software underscores the necessity for rigorous patch management and strict access controls to mitigate exploitation risks in enterprise security architectures.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-34272 | Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback | Log Server | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-10-30 |
| CVE-2025-34273 | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion | Log Server | CWE-863 | 4.3 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2024-58273 | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root | Log Server | CWE-266 | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-34274 | Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges | Log Server | CWE-250 | 8.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2023-7322 | Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access | Log Server | CWE-863 | 8.1 (AI) | High (AI) | 2025-10-30 |
| CVE-2016-15049 | Nagios Log Server < 1.4.2 Dashboards Logs Table XSS | Log Server | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-34271 | Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext | Log Server | CWE-319 | 8.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-34270 | Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated | Log Server | CWE-312 | 8.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2017-20209 | Nagios Fusion < 4.0.1 XSS via Users/Servers Page | Fusion | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2018-25119 | Nagios Fusion < 4.1.5 XSS via fusionwindow Parameter | Fusion | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2023-53689 | Nagios Fusion < 4.2.0 License Information Reflected XSS | Fusion | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2023-53690 | Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS | Fusion | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2023-7312 | Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail | Fusion | CWE-79 | 4.8 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-44823 | Nagios Log Server security vulnerability | Log Server | CWE-497 | 9.9 | Critical | 2025-10-07 |
| CVE-2025-44824 | Nagios Log Server security vulnerability | Log Server | CWE-863 | 8.5 | High | 2025-10-07 |
| CVE-2025-34227 | Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection | Nagios XI | CWE-78 | 8.8 (AI) | High (AI) | 2025-09-25 |
| CVE-2024-13986 | Nagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCE | Nagios XI | CWE-434 | 8.8 (AI) | High (AI) | 2025-08-28 |
| CVE-2021-4285 | Nagios NCPA tail.html cross site scripting | NCPA | CWE-79 | 3.5 | Low | 2022-12-27 |
| CVE-2021-33179 | Nagios XI cross-site scripting vulnerability | Nagios XI | CWE-79 | 5.4 | - | 2021-10-14 |
| CVE-2021-33177 | Nagios XI SQL injection vulnerability | Nagios XI | CWE-89 | 8.8 | - | 2021-10-14 |
| CVE-2018-15708 | Nagios XI Snoopy command injection vulnerability | Nagios XI | | 9.8 | - | 2018-11-14 |
| CVE-2018-15709 | Nagios XI security vulnerability | Nagios XI | | 8.8 | - | 2018-11-14 |
| CVE-2018-15710 | Nagios XI command injection vulnerability | Nagios XI | | 7.8 | - | 2018-11-14 |
| CVE-2018-15711 | Nagios XI security vulnerability | Nagios XI | | 8.8 | - | 2018-11-14 |
| CVE-2018-15712 | Nagios XI cross-site scripting vulnerability | Nagios XI | | 6.1 | - | 2018-11-14 |
| CVE-2018-15713 | Nagios XI cross-site scripting vulnerability | Nagios XI | | 5.4 | - | 2018-11-14 |
| CVE-2018-15714 | Nagios XI cross-site scripting vulnerability | Nagios XI | | 6.1 | - | 2018-11-14 |

This page lists every published CVE security advisory associated with Nagios. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.