GCVE - cpe:2.3:a:nagios:nagios_xi:2026:r1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios_xi:2026:r1:*:*:*:*:*:*

part: a version: 2026 update: r1

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios Xi (`7baa8382-9566-5d4f-a39b-a6738305acfe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-2043`	vulnerable	2026-06-03 15:19:23.362207	Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability HIGH (7.2) Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249. Published: 2026-02-20T22:22:06.702Z Updated: 2026-02-26T14:44:12.943Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-26-072/ https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2042`	vulnerable	2026-06-03 15:19:23.361783	Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability HIGH (7.2) Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245. Published: 2026-02-20T22:21:44.120Z Updated: 2026-02-26T14:44:13.112Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-26-071/ https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2041`	vulnerable	2026-06-03 15:19:23.361301	Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability HIGH (7.2) Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250. Published: 2026-02-20T22:22:18.448Z Updated: 2026-02-26T14:44:12.787Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-26-073/ https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34288`	vulnerable	2026-06-03 15:00:44.395194	Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user. Published: 2025-12-16T22:17:02.004Z Updated: 2026-05-14T02:08:10.158Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/2026r1-1/ https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.