Approved changes feed: RSS · Atom
cpe:2.3:a:nagios:nagios_xi:2026:*:*:*:*:*:*:*
part: a version: 2026 update: *
| Vendor | Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe) |
|---|---|
| Product | Nagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34286 |
vulnerable | 2026-06-03 15:00:44.387344 |
Nagios XI < 2026R1 RCE via Run Check Command in CCM
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are executed on the server. Successful exploitation results in arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to gain control of the underlying host operating system.
Published: 2025-10-30T21:42:44.052Z
Updated: 2026-05-14T02:08:09.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34227 |
vulnerable | 2026-06-03 15:00:44.285398 |
Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
Published: 2025-09-25T17:08:52.921Z
Updated: 2026-05-15T11:15:31.803Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.