Nagios xi

This hub aggregates every CVE we track for Nagios xi, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Nagios xi.

• CVE-2026-2041Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability8.8Feb 20, 2026
• CVE-2026-2043Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability8.8Feb 20, 2026
• CVE-2026-2042Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability8.8Feb 20, 2026
• CVE-2025-67255In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.8.8Dec 29, 2025
• CVE-2025-67254NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.7.5Dec 29, 2025
• CVE-2025-34288Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo6.7Dec 16, 2025
• CVE-2021-47698Nagios XI < 5.8.7 XSS in Core UI Views URL handling5.4Nov 3, 2025
• CVE-2024-13997Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host7.2Nov 3, 2025
• CVE-2024-13998Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure6.5Nov 3, 2025
• CVE-2024-13992Nagios XI < 2024R1.1 XSS via Missing Page / 4045.4Oct 31, 2025
• CVE-2011-10037Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks5.4Oct 30, 2025
• CVE-2021-47697Nagios XI < 5.8.0 XSS via Views URL Handling5.4Oct 30, 2025
• CVE-2018-25121Nagios XI < 5.4.13 XSS via Views Page5.4Oct 30, 2025
• CVE-2013-10074Nagios XI < 2012R2.6 XSS via Tools Menu5.4Oct 30, 2025
• CVE-2011-10040Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions5.4Oct 30, 2025