Nagios Security Vulnerabilities (CVEs)

Track 113 security vulnerabilities affecting Nagios products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

26 Critical
35 High
52 Medium
CVE-2026-2042 8.8

This vulnerability allows authenticated remote attackers to execute arbitrary commands on Nagios Host installations through command injection in the m...

Feb 20, 2026
CVE-2025-67254 7.5

NagiosXI 2026R1.0.1 build 1762361101 contains a directory traversal vulnerability in /admin/coreconfigsnapshots.php that allows attackers to access fi...

Dec 29, 2025
CVE-2025-67255 8.8

NagiosXI 2026R1.0.1 build 1762361101 contains a SQL injection vulnerability in dashboard parameters that lacks proper input filtering. Any authenticat...

Dec 29, 2025
CVE-2025-34288 6.7

This CVE describes a local privilege escalation vulnerability in Nagios XI where a maintenance script can be executed as root via sudo but includes a ...

Dec 16, 2025
CVE-2025-34322 7.2

Nagios Log Server versions before 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' f...

Nov 17, 2025
CVE-2025-34323 7.8

This CVE describes a local privilege escalation vulnerability in Nagios Log Server where the 'www-data' user can replace root-owned scripts in a writa...

Nov 17, 2025
CVE-2024-13998 6.5

Nagios XI versions before 2024R1.1.3 allow authenticated users to access sensitive user account information including API keys and password hashes, wh...

Nov 3, 2025
CVE-2024-13997 7.2

This vulnerability allows authenticated Nagios XI administrators to escalate their privileges to root on the underlying host system by abusing the Mig...

Nov 3, 2025
CVE-2021-47698 5.4

Nagios XI versions before 5.8.7 contain a cross-site scripting vulnerability in the Core UI's Views URL handling. Attackers can inject malicious scrip...

Nov 3, 2025
CVE-2024-13992 5.4

Nagios XI versions before 2024R1.1 contain a reflected cross-site scripting (XSS) vulnerability in the 404 error page. An attacker can craft malicious...

Oct 31, 2025
CVE-2025-34287 7.8

This vulnerability allows attackers with web server privileges (www-data user) to modify a Nagios XI script, leading to arbitrary code execution as th...

Oct 30, 2025
CVE-2025-34274 9.8

Nagios Log Server versions before 2024R2.0.3 run the embedded Logstash process with root privileges, creating a privilege escalation vulnerability. If...

Oct 30, 2025
CVE-2025-34278 5.4

Nagios Network Analyzer versions before 2024R1 contain a stored XSS vulnerability in the Source Groups page's percentile calculator menu. An attacker ...

Oct 30, 2025
CVE-2025-34280 7.2

This vulnerability allows authenticated administrators in Nagios Network Analyzer to execute arbitrary commands on the underlying host through imprope...

Oct 30, 2025
CVE-2025-34284 8.8

Nagios XI versions before 2024R2 contain an authenticated command injection vulnerability in the WinRM plugin. An authenticated administrator can inje...

Oct 30, 2025
CVE-2025-34135 4.4

Nagios XI versions before 2024R1.4.2 have overly permissive systemd unit file permissions, specifically on nagios.service. This allows local attackers...

Oct 30, 2025
CVE-2025-34270 4.9

Nagios Log Server versions before 2024R2.0.2 expose plaintext AD/LDAP passwords during user import operations. This allows administrators or users wit...

Oct 30, 2025
CVE-2025-34271 9.8

Nagios Log Server versions before 2024R2.0.2 transmit cluster credentials over unencrypted channels even when SSL/TLS is configured, allowing network-...

Oct 30, 2025
CVE-2025-34273 6.5

Nagios Log Server versions before 2024R2.0.3 have an authorization flaw that lets non-admin users delete global dashboards. This affects all organizat...

Oct 30, 2025
CVE-2024-14005 8.8

Nagios XI versions before 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Authenticated administrators can inject shell comma...

Oct 30, 2025
CVE-2024-14008 7.2

Nagios XI versions before 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Authenticated administrators ...

Oct 30, 2025
CVE-2024-58273 7.8

Nagios Log Server versions before 2024R1.0.2 contain a local privilege escalation vulnerability. An attacker who can execute commands as the Apache we...

Oct 30, 2025
CVE-2024-13996 9.8

Nagios XI versions before 2024R1.1.3 fail to invalidate existing user sessions when passwords are changed, allowing attackers who have compromised a s...

Oct 30, 2025
CVE-2024-14000 5.4

Nagios XI versions before 2024R1.1.3 contain a cross-site scripting vulnerability in the Capacity Planning Report component. Attackers can inject mali...

Oct 30, 2025
CVE-2024-14001 5.4

Nagios XI versions before 2024R1.1.3 are vulnerable to cross-site scripting (XSS) in the Executive Summary Report component. Attackers can inject mali...

Oct 30, 2025
CVE-2024-14002 5.5

Nagios XI versions before 2024R1.1.4 contain an authenticated local file inclusion vulnerability in the NagVis integration. Authenticated users can ma...

Oct 30, 2025
CVE-2024-14003 9.8

Nagios XI versions before 2024R1.2 contain a critical remote code execution vulnerability in the NRDP server plugins. Attackers can send specially cra...

Oct 30, 2025
CVE-2023-7321 5.4

Nagios Log Server versions before 2.1.14 contain a stored cross-site scripting vulnerability in the Snapshots Page. Attackers can inject malicious scr...

Oct 30, 2025
CVE-2023-7322 8.1

Nagios Log Server versions before 2024R1 have an incorrect authorization vulnerability where authenticated users without proper API permissions can ac...

Oct 30, 2025
CVE-2024-13993 6.1

Nagios XI versions before 2024R1.1.2 have a reflected cross-site scripting (XSS) vulnerability on the login page when accessed with older web browsers...

Oct 30, 2025
CVE-2024-13994 9.8

Nagios XI versions before 2024R1.1.2 have a missing authorization vulnerability when 'Allow Insecure Logins' is enabled. This allows any user to creat...

Oct 30, 2025
CVE-2023-7313 5.4

Nagios XI versions before 5.11.3 contain a cross-site scripting vulnerability in the Bulk Modifications tool. Attackers can inject malicious scripts t...

Oct 30, 2025
CVE-2023-7314 5.4

Nagios XI versions before 5.11.3 contain a cross-site scripting vulnerability in the Bandwidth Report component. Insufficient input validation allows ...

Oct 30, 2025
CVE-2023-7315 5.4

Nagios XI versions before 5.11.3 contain a cross-site scripting vulnerability in the Graph Explorer component. Attackers can inject malicious scripts ...

Oct 30, 2025
CVE-2023-7316 5.4

Nagios XI versions before 2024R1 contain a cross-site scripting vulnerability in the Graph Explorer component. Insufficient input validation allows at...

Oct 30, 2025
CVE-2023-7317 8.8

Nagios XI versions before 2024R1 have a missing access control vulnerability in the Web SSH Terminal. Remote attackers with low privileges can access ...

Oct 30, 2025
CVE-2023-7319 5.4

Nagios Network Analyzer versions before 2024R1 contain a cross-site scripting vulnerability in the Percentile Calculator menu. Attackers can inject ma...

Oct 30, 2025
CVE-2022-50586 5.4

Nagios XI versions before 5.8.9 contain a stored cross-site scripting vulnerability in the BPI component's info URL field. Attackers can inject malici...

Oct 30, 2025
CVE-2022-50587 5.4

Nagios XI versions before 5.8.9 contain a stored cross-site scripting vulnerability in the Apply Configuration error text. Attackers can inject malici...

Oct 30, 2025
CVE-2022-50588 5.4

Nagios XI versions before 5.8.9 contain a stored cross-site scripting vulnerability in the update checking feature. Attackers can inject malicious scr...

Oct 30, 2025
CVE-2023-53688 5.4

Nagios XI versions before 5.11.3 contain XSS and CSRF vulnerabilities in the Hypermap Replay component. Attackers can inject malicious scripts that ex...

Oct 30, 2025
CVE-2023-53689 4.8

Nagios Fusion versions before 4.2.0 contain a reflected cross-site scripting vulnerability in the license key configuration flow. Attackers can craft ...

Oct 30, 2025
CVE-2023-53690 4.8

Nagios Fusion versions before 4.2.0 have a stored XSS vulnerability in LDAP/AD authentication configuration. Attackers with LDAP/AD configuration acce...

Oct 30, 2025
CVE-2023-7312 4.8

Nagios Fusion versions before 4.2.0 contain a stored cross-site scripting vulnerability in email settings configuration. Attackers with administrative...

Oct 30, 2025
CVE-2021-47696 5.4

Nagios XI versions before 5.8.0 contain a cross-site scripting vulnerability in BPI config ID handling. Attackers can inject malicious scripts that ex...

Oct 30, 2025
CVE-2021-47697 5.4

Nagios XI versions before 5.8.0 contain a cross-site scripting vulnerability in the Views feature URL handling. Attackers can inject malicious scripts...

Oct 30, 2025
CVE-2021-47699 5.4

Nagios XI versions before 5.8.7 contain a cross-site scripting vulnerability in the Audit Log page's Send to NLS form. Attackers can inject malicious ...

Oct 30, 2025
CVE-2021-47700 7.8

Nagios XI versions before 5.8.7 use insecure permissions on a temporary directory for Highcharts exports, allowing local or co-hosted processes to rea...

Oct 30, 2025
CVE-2022-50584 5.4

This cross-site scripting (XSS) vulnerability in Nagios XI's Core Config Manager allows attackers to inject malicious scripts into search and deletion...

Oct 30, 2025
CVE-2022-50585 5.4

This cross-site scripting (XSS) vulnerability in Nagios XI's Core Config Manager allows attackers to inject malicious scripts into the Audit Log page ...

Oct 30, 2025

Why Monitor Nagios Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 113+ known vulnerabilities affecting Nagios products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Nagios packages in under 60 seconds. No agents required - completely agentless scanning that works across Nagios deployments.

Free vulnerability database: Access detailed information about every Nagios CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Nagios CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions