8.8

Nagios Host monitoringwizard Command Injection lets hackers run code on your servers

CVE-2026-2042
Summary

Some Nagios Host installations allow hackers to run their own code on your servers if they have an account. This is bad news because it means your server's security could be compromised. To fix this, update Nagios Host to the latest version, or consider replacing it with a more secure alternative.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
nagios | nagios_xi | 2026 | –
Original title
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Au...
Original description
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.

The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.
nvd CVSS3.1 8.8
Vulnerability type
CWE-78 OS Command Injection
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026