8.8
Nagios Host allows attackers to execute code on your network
CVE-2026-2041
Summary
A security issue exists in Nagios Host that could allow attackers with a login to execute code on your system. To stay secure, update Nagios Host to the latest version as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nagios | nagios_xi | 2026 | – |
Original title
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Na...
Original description
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability.
The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.
nvd CVSS3.1
8.8
Vulnerability type
CWE-78
OS Command Injection
- https://www.nagios.com/changelog/nagios-xi/nagios-xi-2026r1-0-1/ Product Release Notes
- https://www.zerodayinitiative.com/advisories/ZDI-26-073/ Third Party Advisory
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026