CVE-2024-26479

5.3 MEDIUM

📋 TL;DR

This vulnerability in Statping-ng v0.91.0 allows attackers to access sensitive information through crafted requests to the command execution function. It affects systems running the vulnerable version of this monitoring tool, potentially exposing configuration data or credentials.

💻 Affected Systems

Products:
  • Statping-ng
Versions: v0.91.0
Operating Systems: All platforms running Statping-ng
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 0.91.0 specifically. Earlier or later versions may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could obtain administrative credentials, API keys, or database credentials, leading to complete system compromise.

🟠 Likely Case

Information disclosure of configuration files, environment variables, or limited system information.

🟢 If Mitigated

Minimal impact if proper network segmentation and access controls prevent external exploitation.

🌐 Internet-Facing: HIGH - Statping-ng is typically deployed as a monitoring dashboard accessible over networks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gain sensitive information.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Proof-of-concept code is available on GitHub; exploitation requires some technical knowledge, but the steps are documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v0.91.0

Vendor Advisory: https://github.com/statping-ng/statping-ng

Restart Required: Yes

Instructions:

1. Check the current version with 'statping version'.
2. Update to the latest version using your package manager or a download from the GitHub releases page.
3. Restart the Statping-ng service.

🔧 Temporary Workarounds

Restrict Network Access (platforms: all)

  • Limit access to the Statping-ng dashboard to trusted IP addresses only
  • Use firewall rules to restrict access to the Statping-ng port (typically 8080)

Disable Command Execution (platforms: all)

  • Remove or restrict command execution functionality if not needed
  • Modify the Statping-ng configuration to disable command execution features

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Statping-ng from sensitive systems
  • Monitor for unusual access patterns to the command execution endpoint

🔍 How to Verify

Check if Vulnerable:

Check if running Statping-ng version 0.91.0 exactly

Check Version:

statping version

Verify Fix Applied:

Verify version is updated to a release after v0.91.0

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to command execution endpoints
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual traffic patterns to Statping-ng dashboard
  • Requests with crafted parameters

SIEM Query:

source="statping-ng" AND (uri_path="/api/command" OR uri_path CONTAINS "exec")
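The SIEM query above can be mirrored in a small log-review script for environments without a SIEM. The following is an added example, not code from this page or from the Statping-ng project; the access-log lines are constructed, and the request paths ("/api/command", paths containing "exec") are taken from the page's SIEM query rather than from documented Statping-ng routes, so treat them as assumptions to adjust for your deployment. It applies both log indicators from this section: it flags requests to command execution paths, counts failed authentication attempts per source IP, and raises the priority of any IP that did both.

```python
import re
from collections import Counter

# Constructed sample access-log lines in common log format. These are NOT real
# Statping-ng output; the command-execution paths are assumptions taken from
# the SIEM query on this page.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2024:10:01:02 +0000] "GET /api/services HTTP/1.1" 200 512
10.0.0.5 - admin [12/Mar/2024:10:01:05 +0000] "POST /api/command HTTP/1.1" 200 128
203.0.113.9 - - [12/Mar/2024:10:02:11 +0000] "POST /api/login HTTP/1.1" 401 33
203.0.113.9 - - [12/Mar/2024:10:02:13 +0000] "POST /api/login HTTP/1.1" 401 33
203.0.113.9 - - [12/Mar/2024:10:02:15 +0000] "POST /api/login HTTP/1.1" 401 33
203.0.113.9 - - [12/Mar/2024:10:02:20 +0000] "POST /api/services/3/exec?x=1 HTTP/1.1" 200 256
10.0.0.7 - viewer [12/Mar/2024:10:03:00 +0000] "GET /dashboard HTTP/1.1" 200 2048
"""

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Strip the query string so matching is done on the route itself.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def is_command_request(path):
    """Same condition as the page's SIEM query: path is /api/command or contains 'exec'."""
    return path == "/api/command" or "exec" in path.lower()


def analyze(log_text, failed_auth_threshold=3):
    """Apply the page's two log indicators and correlate them per source IP.

    Returns a dict with:
      command_requests: every request to a command-execution path
      failed_auth:      count of 401/403 responses per source IP
      bruteforce_ips:   IPs at or above the failed-auth threshold
      correlated_ips:   bruteforce IPs that also hit a command path (highest priority)
    """
    command_requests = []
    failed_auth = Counter()
    command_ips = set()

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if rec["status"] in (401, 403):
            failed_auth[rec["ip"]] += 1
        if is_command_request(rec["path"]):
            command_requests.append(
                (rec["ip"], rec["user"], rec["method"], rec["path"], rec["status"])
            )
            command_ips.add(rec["ip"])

    bruteforce_ips = sorted(ip for ip, n in failed_auth.items() if n >= failed_auth_threshold)
    correlated_ips = sorted(ip for ip in bruteforce_ips if ip in command_ips)
    return {
        "command_requests": command_requests,
        "failed_auth": dict(failed_auth),
        "bruteforce_ips": bruteforce_ips,
        "correlated_ips": correlated_ips,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for req in result["command_requests"]:
        print("command path request:", req)
    print("failed auth per IP:", result["failed_auth"])
    print("brute-force candidates:", result["bruteforce_ips"])
    print("high priority (failed auth + command path):", result["correlated_ips"])
```

In the constructed sample the administrator's own request to /api/command is reported but not escalated, while the external address that failed authentication three times and then reached an "exec" path is surfaced as the one to investigate first; tune the threshold and the path test to the routes your Statping-ng instance actually exposes.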
