CVE-2026-2043

High CVSS: 8.8

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.

The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.

Vendor

Nagios

Product

Nagios Xi

CWE

CWE-78

Yayın Tarihi

2026-02-20 23:16:04

Güncelleme

2026-02-24 13:16:42

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-78 Nagios Xi HIGH Nagios 2026

Referanslar

https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1/ https://www.zerodayinitiative.com/advisories/ZDI-26-072/

Benzer Kayıtlar

High

CVE-2026-2041

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allo…

High

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att…

High

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

High

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to…

High

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between s…

High

CVE-2025-34322

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimen…