CVE-2026-2042
published 2026-02-20

CVE-2026-2042: Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

Priority: P2 · 75
Severity: high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.52% (91.8th percentile)
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.

Affected

2 ranges

Vendor | Product   | Version range | Fixed in
nagios | host      |               |
nagios | nagios_xi |               |

Detection & IOCs (extracted from sources)

  • Monitor for exploitation attempts targeting the monitoringwizard module in Nagios XI — unsanitized user-supplied strings passed to system calls indicate active exploitation
  • Alert on process execution spawned from the Nagios service account context, which may indicate successful command injection via monitoringwizard
  • Authentication is required to exploit this vulnerability — investigate authenticated sessions making unusual requests to the monitoringwizard module as a precursor indicator
  • No public exploit exists and no fix is available as of the published date; detection relies entirely on behavioral/anomaly monitoring of the monitoringwizard module
  • The vulnerability was tracked internally as ZDI-CAN-28245; cross-reference this identifier for any future PoC or patch releases

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H