Nagios Security Vulnerabilities (CVEs)
Track 113 security vulnerabilities affecting Nagios products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This cross-site scripting vulnerability in Nagios XI's Core Config Manager allows attackers to inject malicious scripts into overlay modals. When expl...
Oct 30, 2025
This CVE describes multiple cross-site scripting (XSS) vulnerabilities in Nagios XI's Core Config Manager (CCM) affecting the Services page. Attackers...
Oct 30, 2025
This SQL injection vulnerability in Nagios XI's Core Config Manager allows authenticated users to inject malicious SQL queries through search text fie...
Oct 30, 2025
Nagios XI versions before 5.8.0 contain a stored cross-site scripting (XSS) vulnerability in the My Tools page. Attackers can inject malicious scripts...
Oct 30, 2025
Nagios XI versions before 5.6.11 have unauthenticated vulnerabilities in the Highcharts export tool. Attackers can inject malicious scripts into expor...
Oct 30, 2025
This vulnerability allows authenticated attackers to upload PHP files to Nagios XI's Audio Import directory and execute them, leading to remote code e...
Oct 30, 2025
This cross-site scripting vulnerability in Nagios XI allows attackers to inject malicious scripts into the BPI Config Management and Edit Config pages...
Oct 30, 2025
This cross-site scripting (XSS) vulnerability in Nagios XI allows attackers to inject malicious scripts into the Manage Users page of the Admin interf...
Oct 30, 2025
This vulnerability allows authenticated attackers in Nagios XI to execute arbitrary commands on the server by injecting shell metacharacters into PDF ...
Oct 30, 2025
Nagios XI versions before 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. This allows authenticated administrators t...
Oct 30, 2025
This vulnerability allows authenticated users with Core Config Manager access in Nagios XI to execute arbitrary commands on the host system by injecti...
Oct 30, 2025
This cross-site scripting (XSS) vulnerability in Nagios Log Server allows attackers to inject malicious scripts into web pages when users interact wit...
Oct 30, 2025
This SQL injection vulnerability in Nagios XI's Core Config Manager allows authenticated users to inject malicious SQL queries through object edit pag...
Oct 30, 2025
This CVE describes multiple cross-site scripting (XSS) vulnerabilities in Nagios XI's Core Config Manager (CCM). Attackers can inject malicious script...
Oct 30, 2025
Nagios XI versions before 5.2.4 contain a cross-site scripting vulnerability in the Menu System of the web interface. Attackers can inject malicious s...
Oct 30, 2025
Nagios XI versions before 5.2.4 contain a cross-site scripting vulnerability in the 'My Reports' listing page. Attackers can inject malicious scripts ...
Oct 30, 2025
This cross-site scripting vulnerability in Nagios Fusion allows attackers to inject malicious scripts into the Users and Servers pages. When exploited...
Oct 30, 2025
This cross-site scripting vulnerability in Nagios Fusion allows attackers to inject malicious scripts via the 'fusionwindow' parameter. When exploited...
Oct 30, 2025
Nagios XI versions before 5.4.13 contain a cross-site scripting (XSS) vulnerability in the Views page of the web interface. Attackers can inject malic...
Oct 30, 2025
This vulnerability allows authenticated users of Nagios XI to execute arbitrary commands on the server through the Component Download page. Attackers ...
Oct 30, 2025
Nagios XI versions before 2012R1.6 have an authorization flaw in Auto-Discovery functionality. Users with read-only permissions can access Auto-Discov...
Oct 30, 2025
This vulnerability allows authenticated users with access to the Auto-Discovery tool in Nagios XI to inject and execute arbitrary shell commands, pote...
Oct 30, 2025
Nagios Log Server versions before 1.4.2 contain a cross-site scripting vulnerability in the Dashboards section. When viewing log entries in the Logs t...
Oct 30, 2025
Nagios XI versions before 5.2.4 contain a SQL injection vulnerability in the notification search feature. Authenticated users can manipulate database ...
Oct 30, 2025
This cross-site scripting vulnerability in Nagios XI allows attackers to inject malicious scripts into permalinks via xiwindow variables. When victims...
Oct 30, 2025
This cross-site scripting vulnerability in Nagios XI allows attackers to inject malicious scripts into the recurring downtime web interface. When expl...
Oct 30, 2025
This cross-site scripting (XSS) vulnerability in Nagios XI allows attackers to inject malicious scripts into the Alert Heatmap report and My Reports l...
Oct 30, 2025
This cross-site scripting (XSS) vulnerability in Nagios XI allows attackers to inject malicious scripts into status and report pages. When exploited, ...
Oct 30, 2025
This SQL injection vulnerability in Nagios XI's legacy Core Configuration Manager allows authenticated users to manipulate database queries. Attackers...
Oct 30, 2025
This CVE describes a local privilege escalation vulnerability in Nagios XI where low-privileged users can exploit race conditions during crontab insta...
Oct 30, 2025
Nagios Fusion versions 2024R1.2 and 2024R2 fail to invalidate existing session tokens when enabling two-factor authentication, allowing attackers to h...
Oct 27, 2025
This vulnerability allows attackers to bypass two-factor authentication in Nagios Fusion by brute-forcing OTP codes due to insufficient rate limiting....
Oct 27, 2025
Nagios Log Server before version 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a specific API endpoint. This...
Oct 7, 2025
This vulnerability allows deleted users in Nagios Network Analyzer to maintain access to restricted system functions because their sessions and API to...
Apr 18, 2025
A Cross-Site Scripting (XSS) vulnerability in Nagios Log Server v.2024R1.3.1 allows remote attackers to inject malicious scripts via the Email field. ...
Apr 15, 2025
A session management vulnerability in Nagios Network Analyzer allows attackers to reuse session tokens after users log out, enabling unauthorized acce...
Apr 1, 2025
Nagios XI 2024R1.2.2 contains a stored XSS vulnerability in the Tools page that allows authenticated attackers to inject malicious scripts. When other...
Feb 20, 2025
A SQL injection vulnerability in Nagios XI 2024R1.2.2 allows remote attackers to execute arbitrary SQL commands via crafted payloads in the History Ta...
Feb 20, 2025
Nagios XI versions before 2024R1 have an API key generation vulnerability where attackers can generate identical API keys for all users. This allows a...
Oct 14, 2024
This CVE describes a local privilege escalation vulnerability in Nagios NDOUtils where certain executable files are owned by the nagios user instead o...
Aug 7, 2024
A privilege escalation vulnerability in Nagios XI's Autodiscover component allows remote attackers to execute arbitrary code via crafted Dashlets. Thi...
May 1, 2024
A critical SQL injection vulnerability in Nagios XI 2024R1.01 allows remote attackers to execute arbitrary SQL commands via the monitoringwizard.php c...
Feb 26, 2024
Nagios XI versions before 5.11.3 contain a SQL injection vulnerability in the bulk modification tool that allows attackers to execute arbitrary SQL co...
Dec 14, 2023
This SQL injection vulnerability in Nagios XI allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQ...
Sep 19, 2023
CVE-2021-40343 is a privilege escalation vulnerability in Nagios XI where insecure file permissions on nagios_unbundler.py allow the nagios user to ex...
Oct 26, 2021
This is a command injection vulnerability in Nagios XI 5.8.5 that allows authenticated administrators to execute arbitrary system commands by uploadin...
Oct 26, 2021
Nagios XI versions before 5.8.5 have incorrect permissions on migrate.php, allowing unauthorized access. This vulnerability affects Nagios XI monitori...
Sep 28, 2021
CVE-2021-36365 is a critical privilege escalation vulnerability in Nagios XI where the repairmysql.sh script has incorrect file permissions. This allo...
Sep 28, 2021
CVE-2021-37344 allows remote attackers to execute arbitrary operating system commands on Nagios XI servers through the Switch Wizard component. This a...
Aug 13, 2021
CVE-2021-37346 allows remote attackers to execute arbitrary operating system commands on Nagios XI servers through the WatchGuard Wizard component. Th...
Aug 13, 2021

Why Monitor Nagios Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 113+ known vulnerabilities affecting Nagios products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Nagios packages in under 60 seconds. No agents required - completely agentless scanning that works across Nagios deployments.
Free vulnerability database: Access detailed information about every Nagios CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Nagios CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions