CVE-2026-2043
published 2026-02-20CVE-2026-2043: Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
PriorityP184high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
74.17%
99.4th percentile
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | host | — | — |
| nagios | nagios_xi | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for exploitation attempts targeting the esensors_websensor_configwizard_func method in Nagios XI, which passes unsanitized user-supplied strings to a system call ↗
- →Alert on authenticated POST/GET requests invoking the esensors_websensor_configwizard_func handler with shell metacharacters or command injection payloads in any parameter ↗
- ·Exploitation requires authentication; unauthenticated access alone is insufficient to trigger the command injection ↗
- ·Successful exploitation results in code execution as the Nagios service account, not necessarily root; scope of post-exploitation depends on service account privileges ↗
- ·No public exploit or fix was available as of the publication date (Feb 20, 2026); no CISA KEV entry exists ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-67255 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-67255 [HIGH] CVE-2025-67255 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67255 :
Nagios XI vulnerability analysis and mitigation
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
Source : NVD
## 8.8
Score
Published December 29, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 74.9
Exploitation Probability (EPSS) 0.9
Affected packages and libraries
cpe:2.3:a:nagios:nagios_xi
Sources
Linux Severity HIGH No Fix Added at: Jan 18, 2026
Linux Severity HIGH No Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can fo
Wiz
CVE-2025-34288 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2025-34288 [HIGH] CVE-2025-34288 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34288 :
Nagios XI vulnerability analysis and mitigation
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Source : NVD
## 8.6
Score
Published December 16, 2025
Severity HIGH
CNA Score 8.6
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA
Wiz
CVE-2026-2041 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2041 [HIGH] CVE-2026-2041 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2041 :
Nagios XI vulnerability analysis and mitigation
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public Exploit No
Has
Wiz
CVE-2026-2043 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2043 [HIGH] CVE-2026-2043 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2043 :
Nagios XI vulnerability analysis and mitigation
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public E
Wiz
CVE-2025-67254 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-67254 [HIGH] CVE-2025-67254 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67254 :
Nagios XI vulnerability analysis and mitigation
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
Source : NVD
## 7.5
Score
Published December 29, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 89.2
Exploitation Probability (EPSS) 4.6
Affected packages and libraries
cpe:2.3:a:nagios:nagios_xi
Sources
Linux Severity HIGH No Fix Added at: Jan 18, 2026
Linux Severity HIGH No Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2026-2042 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2042 [HIGH] CVE-2026-2042 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2042 :
Nagios XI vulnerability analysis and mitigation
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Nagios XI
Has Public Exploit No
Has CISA KEV Exploit No
CISA
2026-02-20
Published