CVE-2026-2041
published 2026-02-20CVE-2026-2041: Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
PriorityP184high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
74.61%
99.4th percentile
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | host | — | — |
| nagios | nagios_xi | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for exploitation of the zabbixagent_configwizard_func method in Nagios XI, which passes unsanitized user-supplied input directly to a system call — flag any unexpected child processes spawned by the Nagios service account originating from this code path. ↗
- →Alert on code execution in the context of the Nagios service account (e.g., nagios, www-data) that originates from the zabbixagent config wizard functionality. ↗
- →Authentication is required to exploit this vulnerability; correlate any exploitation attempts with a preceding authenticated session to Nagios XI. ↗
- ·No public exploit is currently available for CVE-2026-2041, and no fix has been released as of the source publication dates (Feb 24 – Mar 02, 2026). Detection must rely on behavioral/heuristic methods until a patch or PoC is published. ↗
- ·The vulnerability is tracked internally by ZDI as ZDI-CAN-28250; cross-reference this identifier for any future advisories or PoC releases. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-67255 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-67255 [HIGH] CVE-2025-67255 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67255 :
Nagios XI vulnerability analysis and mitigation
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
Source : NVD
## 8.8
Score
Published December 29, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 74.9
Exploitation Probability (EPSS) 0.9
Affected packages and libraries
cpe:2.3:a:nagios:nagios_xi
Sources
Linux Severity HIGH No Fix Added at: Jan 18, 2026
Linux Severity HIGH No Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can fo
Wiz
CVE-2025-34288 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2025-34288 [HIGH] CVE-2025-34288 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34288 :
Nagios XI vulnerability analysis and mitigation
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Source : NVD
## 8.6
Score
Published December 16, 2025
Severity HIGH
CNA Score 8.6
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA
Wiz
CVE-2026-2041 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2041 [HIGH] CVE-2026-2041 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2041 :
Nagios XI vulnerability analysis and mitigation
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public Exploit No
Has
Wiz
CVE-2026-2043 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2043 [HIGH] CVE-2026-2043 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2043 :
Nagios XI vulnerability analysis and mitigation
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public E
Wiz
CVE-2025-67254 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-67254 [HIGH] CVE-2025-67254 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67254 :
Nagios XI vulnerability analysis and mitigation
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
Source : NVD
## 7.5
Score
Published December 29, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 89.2
Exploitation Probability (EPSS) 4.6
Affected packages and libraries
cpe:2.3:a:nagios:nagios_xi
Sources
Linux Severity HIGH No Fix Added at: Jan 18, 2026
Linux Severity HIGH No Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2026-2042 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2042 [HIGH] CVE-2026-2042 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2042 :
Nagios XI vulnerability analysis and mitigation
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA
2026-02-20
Published